[{"CVE":"CVE-2026-39881","severity":"moderate","public_date":"2026-04-08T20:18:19Z","advisories":[],"bugzilla":"2456722","bugzilla_description":"vim: Vim: Arbitrary code execution via command injection in NetBeans interface","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39881.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N","cvss3_score":"5.0"},{"CVE":"CVE-2025-14243","severity":"moderate","public_date":"2026-04-08T16:31:00Z","advisories":[],"bugzilla":"2419829","bugzilla_description":"mirror-registry: OpenShift Mirror Registry: User enumeration via authentication error messages","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-209","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14243.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-2377","severity":"important","public_date":"2026-04-08T16:18:10Z","advisories":[],"bugzilla":"2439201","bugzilla_description":"mirror-registry: quay: quay: Server-Side Request Forgery via log export functionality","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2377.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-33753","severity":"moderate","public_date":"2026-04-08T14:54:59Z","advisories":[],"bugzilla":"2456545","bugzilla_description":"rfc3161-client: rfc3161-client: Authorization bypass allows impersonation of TimeStamping Authority","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-295","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33753.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"6.2"},{"CVE":"CVE-2026-39865","severity":"moderate","public_date":"2026-04-08T14:25:27Z","advisories":[],"bugzilla":"2456538","bugzilla_description":"axios: Axios: Denial of Service via HTTP/2 session cleanup logic state corruption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39865.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2025-57847","severity":"moderate","public_date":"2026-04-08T13:47:09Z","advisories":[],"bugzilla":"2391092","bugzilla_description":"ansible-automation-platform: privilege escalation via excessive group writable /etc/passwd permissions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-276","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57847.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2025-57851","severity":"moderate","public_date":"2026-04-08T13:45:54Z","advisories":[],"bugzilla":"2391104","bugzilla_description":"mce: privilege escalation via excessive /etc/passwd permissions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-276","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57851.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2025-57853","severity":"moderate","public_date":"2026-04-08T13:45:39Z","advisories":[],"bugzilla":"2391106","bugzilla_description":"web-terminal: privilege escalation via excessive /etc/passwd permissions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-276","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57853.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2025-57854","severity":"moderate","public_date":"2026-04-08T13:45:19Z","advisories":[],"bugzilla":"2391107","bugzilla_description":"osus-operator: privilege escalation via excessive /etc/passwd permissions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-276","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57854.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2025-58713","severity":"moderate","public_date":"2026-04-08T13:44:47Z","advisories":[],"bugzilla":"2394419","bugzilla_description":"rhpam: privilege escalation via excessive /etc/passwd permissions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-276","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58713.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2026-32281","severity":"moderate","public_date":"2026-04-08T01:06:58Z","advisories":[],"bugzilla":"2456333","bugzilla_description":"crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1050","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32281.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-32288","severity":"moderate","public_date":"2026-04-08T01:06:57Z","advisories":[],"bugzilla":"2456332","bugzilla_description":"archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32288.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"4.3"},{"CVE":"CVE-2026-27143","severity":"moderate","public_date":"2026-04-08T01:06:57Z","advisories":[],"bugzilla":"2456342","bugzilla_description":"golang: cmd/compile: possible memory corruption after bound check elimination","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-733","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27143.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-32289","severity":"moderate","public_date":"2026-04-08T01:06:56Z","advisories":[],"bugzilla":"2456334","bugzilla_description":"html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32289.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-27144","severity":"moderate","public_date":"2026-04-08T01:06:56Z","advisories":[],"bugzilla":"2456340","bugzilla_description":"golang: cmd/compile: no-op interface conversion bypasses overlap checking","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-440","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27144.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-32589","severity":"important","public_date":"2026-04-08T00:00:00Z","advisories":[],"bugzilla":"2446963","bugzilla_description":"mirror-registry: quay: insecure direct object reference in BlobUpload","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-639","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32589.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L","cvss3_score":"7.1"},{"CVE":"CVE-2026-32590","severity":"moderate","public_date":"2026-04-08T00:00:00Z","advisories":[],"bugzilla":"2446964","bugzilla_description":"mirror-registry: remote code execution using pickle deserialization","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-502","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32590.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2026-32591","severity":"important","public_date":"2026-04-08T00:00:00Z","advisories":[],"bugzilla":"2446965","bugzilla_description":"mirror-registry: quay: server-side request forgery in proxy cache upstream registry configuration","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32591.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N","cvss3_score":"5.2"},{"CVE":"CVE-2026-31411","severity":"moderate","public_date":"2026-04-08T00:00:00Z","advisories":[],"bugzilla":"2456521","bugzilla_description":"kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-822","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31411.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-28390","severity":"moderate","public_date":"2026-04-07T22:00:54Z","advisories":[],"bugzilla":"2456314","bugzilla_description":"openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28390.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-35406","severity":"moderate","public_date":"2026-04-07T21:32:23Z","advisories":[],"bugzilla":"2456280","bugzilla_description":"aardvark-dns: Aardvark-dns: Denial of Service due to malformed TCP DNS queries","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35406.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-34079","severity":"moderate","public_date":"2026-04-07T21:29:44Z","advisories":[],"bugzilla":"2456284","bugzilla_description":"flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34079.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:L","cvss3_score":"6.7"},{"CVE":"CVE-2026-34078","severity":"moderate","public_date":"2026-04-07T21:27:45Z","advisories":[],"bugzilla":"2456276","bugzilla_description":"flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-59","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34078.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-34781","severity":"moderate","public_date":"2026-04-07T21:20:12Z","advisories":[],"bugzilla":"2456279","bugzilla_description":"Electron: Electron: Denial of Service via malformed clipboard image data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34781.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.0"},{"CVE":"CVE-2026-34765","severity":"moderate","public_date":"2026-04-07T21:18:35Z","advisories":[],"bugzilla":"2456278","bugzilla_description":"electron: Electron: Arbitrary code execution or information disclosure via incorrect window handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-653","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34765.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2026-34582","severity":"important","public_date":"2026-04-07T21:13:49Z","advisories":[],"bugzilla":"2456285","bugzilla_description":"botan: Botan: Client authentication bypass in TLS 1.3 implementation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-166","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34582.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"9.1"},{"CVE":"CVE-2026-34580","severity":"important","public_date":"2026-04-07T21:12:09Z","advisories":[],"bugzilla":"2456288","bugzilla_description":"Botan: Botan: Certificate validation bypass due to incorrect certificate matching","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-295","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34580.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"9.1"},{"CVE":"CVE-2026-34080","severity":"moderate","public_date":"2026-04-07T20:57:57Z","advisories":[],"bugzilla":"2456273","bugzilla_description":"xdg-dbus-proxy: xdg-dbus-proxy: Information disclosure due to policy parser vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34080.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"5.5"},{"CVE":"CVE-2026-39395","severity":"moderate","public_date":"2026-04-07T20:06:28Z","advisories":[],"bugzilla":"2456254","bugzilla_description":"github.com/sigstore/cosign: Cosign: Incorrect attestation verification due to malformed payloads or mismatched predicate types","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39395.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-39373","severity":"important","public_date":"2026-04-07T19:35:36Z","advisories":[],"bugzilla":"2456187","bugzilla_description":"JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39373.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-39365","severity":"moderate","public_date":"2026-04-07T19:13:50Z","advisories":[],"bugzilla":"2456190","bugzilla_description":"vite: Vite: Information disclosure via path traversal in dev server's .map request handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39365.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-39364","severity":"important","public_date":"2026-04-07T19:12:47Z","advisories":[],"bugzilla":"2456181","bugzilla_description":"vite: Vite: Information disclosure via query parameter manipulation on the development server","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-472","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39364.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-39363","severity":"important","public_date":"2026-04-07T19:10:44Z","advisories":[],"bugzilla":"2456179","bugzilla_description":"Vite: Vite: Information disclosure via WebSocket connection bypasses access control","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1220","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39363.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-39316","severity":"moderate","public_date":"2026-04-07T17:00:26Z","advisories":[],"bugzilla":"2456120","bugzilla_description":"cups: CUPS: Denial of Service and potential arbitrary code execution via use-after-free vulnerability when deleting temporary printers.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"4.0"},{"CVE":"CVE-2026-39314","severity":"moderate","public_date":"2026-04-07T16:59:23Z","advisories":[],"bugzilla":"2456107","bugzilla_description":"cups: CUPS: Denial of Service via integer underflow in IPP attribute handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-191","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"4.0"},{"CVE":"CVE-2026-32588","severity":"moderate","public_date":"2026-04-07T16:42:52Z","advisories":[],"bugzilla":"2456105","bugzilla_description":"Apache Cassandra: Apache Cassandra: Denial of Service via repeated password changes","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32588.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"4.3"},{"CVE":"CVE-2026-35611","severity":"moderate","public_date":"2026-04-07T16:38:08Z","advisories":[],"bugzilla":"2456062","bugzilla_description":"addressable: Addressable: Denial of Service via crafted URI templates","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35611.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-4631","severity":"critical","public_date":"2026-04-07T15:52:00Z","advisories":[],"bugzilla":"2450246","bugzilla_description":"cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4631.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"9.8"},{"CVE":"CVE-2026-33816","severity":"important","public_date":"2026-04-07T15:19:24Z","advisories":[],"bugzilla":"2455972","bugzilla_description":"github.com/jackc/pgx/v5/pgproto3: github.com/jackc/pgx: Memory-safety vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33816.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","cvss3_score":"8.3"},{"CVE":"CVE-2026-33815","severity":"important","public_date":"2026-04-07T15:19:24Z","advisories":[],"bugzilla":"2455975","bugzilla_description":"github.com/jackc/pgx/v5/pgproto3: github.com/jackc/pgx: Memory-safety vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33815.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L","cvss3_score":"8.3"},{"CVE":"CVE-2026-35515","severity":"moderate","public_date":"2026-04-07T15:06:10Z","advisories":[],"bugzilla":"2455993","bugzilla_description":"@nestjs/core: Nest: Server-Sent Events (SSE) injection and spoofing via unsanitized newline characters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-93","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35515.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","cvss3_score":"6.5"},{"CVE":"CVE-2026-33034","severity":"moderate","public_date":"2026-04-07T14:22:59Z","advisories":[],"bugzilla":"2455927","bugzilla_description":"Django: Django: Denial of Service via missing or understated Content-Length header in ASGI requests","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-130","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33034.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-33033","severity":"moderate","public_date":"2026-04-07T14:22:48Z","advisories":[],"bugzilla":"2455962","bugzilla_description":"Django: Django: Performance degradation via excessive whitespace in multipart uploads","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33033.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-4292","severity":"moderate","public_date":"2026-04-07T14:22:38Z","advisories":[],"bugzilla":"2455941","bugzilla_description":"Django: Django: Unauthorized instance creation via forged POST data in Admin changelist forms","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-472","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4292.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-4277","severity":"moderate","public_date":"2026-04-07T14:22:25Z","advisories":[],"bugzilla":"2455939","bugzilla_description":"Django: Django: Privilege Abuse via Forged POST Data in GenericInlineModelAdmin","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-639","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4277.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-3902","severity":"moderate","public_date":"2026-04-07T14:22:07Z","advisories":[],"bugzilla":"2455935","bugzilla_description":"Django: Django: Header spoofing via ambiguous header mapping","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-444","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3902.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-4740","severity":"important","public_date":"2026-04-07T14:00:35Z","advisories":[],"bugzilla":"2450590","bugzilla_description":"rhacm: Open Cluster Management (OCM): Cross-cluster privilege escalation via improper Kubernetes client certificate renewal validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-295","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4740.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-20911","severity":"important","public_date":"2026-04-07T13:49:31Z","advisories":[],"bugzilla":"2455959","bugzilla_description":"LibRaw: LibRaw: Arbitrary Code Execution via specially crafted file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20911.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-21413","severity":"important","public_date":"2026-04-07T13:49:29Z","advisories":[],"bugzilla":"2455929","bugzilla_description":"LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21413.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-20889","severity":"important","public_date":"2026-04-07T13:49:27Z","advisories":[],"bugzilla":"2455942","bugzilla_description":"LibRaw: LibRaw: Arbitrary code execution via specially crafted image file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20889.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-24660","severity":"important","public_date":"2026-04-07T13:49:25Z","advisories":[],"bugzilla":"2455926","bugzilla_description":"LibRaw: LibRaw: Memory Corruption via Malicious File Processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24660.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-24450","severity":"moderate","public_date":"2026-04-07T13:49:23Z","advisories":[],"bugzilla":"2455925","bugzilla_description":"LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24450.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-20884","severity":"moderate","public_date":"2026-04-07T13:49:22Z","advisories":[],"bugzilla":"2455934","bugzilla_description":"LibRaw: LibRaw: Arbitrary code execution via integer overflow in deflate_dng_load_raw","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20884.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-5735","severity":"important","public_date":"2026-04-07T12:43:15Z","advisories":[],"bugzilla":"2455904","bugzilla_description":"thunderbird: firefox: Memory safety bugs fixed in Firefox 149.0.2 and Thunderbird 149.0.2","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5735.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-5734","severity":"important","public_date":"2026-04-07T12:43:14Z","advisories":[],"bugzilla":"2455897","bugzilla_description":"thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5734.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-5733","severity":"important","public_date":"2026-04-07T12:43:13Z","advisories":[],"bugzilla":"2455902","bugzilla_description":"firefox: Incorrect boundary conditions in the Graphics: WebGPU component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5733.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-5732","severity":"important","public_date":"2026-04-07T12:43:12Z","advisories":[],"bugzilla":"2455908","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics: Text component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5732.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-5731","severity":"important","public_date":"2026-04-07T12:43:11Z","advisories":[],"bugzilla":"2455901","bugzilla_description":"thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.34.1, Firefox ESR 140.9.1, Thunderbird ESR 140.9.1, Firefox 149.0.2 and Thunderbird 149.0.2","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5731.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-28808","severity":"important","public_date":"2026-04-07T12:28:16Z","advisories":[],"bugzilla":"2455909","bugzilla_description":"erlang/otp: inets: Erlang OTP inets modules: Unauthenticated access to protected CGI scripts via incorrect authorization","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-551","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28808.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-32144","severity":"important","public_date":"2026-04-07T12:28:00Z","advisories":[],"bugzilla":"2455896","bugzilla_description":"Erlang OTP: Erlang OTP public_key: OCSP authorization bypass and information disclosure due to missing signature verification","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32144.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-33227","severity":"moderate","public_date":"2026-04-07T07:50:58Z","advisories":[],"bugzilla":"2455867","bugzilla_description":"org.apache.activemq/activemq-client: org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: org.apache.activemq/activemq-web: improper limitation of a pathname to a restricted classpath directory","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33227.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2026-28810","severity":"moderate","public_date":"2026-04-07T07:50:11Z","advisories":[],"bugzilla":"2455868","bugzilla_description":"erlang/otp: Erlang/OTP kernel: DNS cache poisoning via predictable DNS transaction IDs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-331","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28810.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-34197","severity":"important","public_date":"2026-04-07T07:50:10Z","advisories":[],"bugzilla":"2455869","bugzilla_description":"org.apache.activemq/activemq-broker: org.apache.activemq/activemq-all: Apache ActiveMQ: Arbitrary Code Execution via crafted discovery URI in Jolokia JMX-HTTP bridge","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34197.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-1839","severity":"moderate","public_date":"2026-04-07T05:22:00Z","advisories":[],"bugzilla":"2455854","bugzilla_description":"transformers: HuggingFace Transformers: Arbitrary code execution via malicious checkpoint file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-502","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1839.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"6.7"},{"CVE":"CVE-2026-31790","severity":"moderate","public_date":"2026-04-07T00:00:00Z","advisories":[],"bugzilla":"2451094","bugzilla_description":"openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31790.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-5745","severity":"moderate","public_date":"2026-04-07T00:00:00Z","advisories":[],"bugzilla":"2455921","bugzilla_description":"libarchive: A NULL pointer dereference vulnerability exists in the ACL parser of libarchive","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5745.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-34972","severity":"moderate","public_date":"2026-04-06T20:41:33Z","advisories":[],"bugzilla":"2455611","bugzilla_description":"github.com/openfga/openfga: OpenFGA: Improper policy enforcement via specific BatchCheck calls","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-639","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34972.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.2"},{"CVE":"CVE-2026-35172","severity":"important","public_date":"2026-04-06T19:08:44Z","advisories":[],"bugzilla":"2455571","bugzilla_description":"github.com/distribution/distribution: Distribution: Information disclosure via stale references after content deletion","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-524","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35172.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-33817","severity":null,"public_date":"2026-04-06T18:13:23Z","advisories":[],"bugzilla":"2455544","bugzilla_description":"go.etcd.io/bbolt: go.etcd.io/bbolt: Denial of Service via index out-of-range error","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33817.json"},{"CVE":"CVE-2026-35177","severity":"moderate","public_date":"2026-04-06T17:54:42Z","advisories":[],"bugzilla":"2455542","bugzilla_description":"vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35177.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L","cvss3_score":"4.1"},{"CVE":"CVE-2026-35166","severity":"moderate","public_date":"2026-04-06T17:37:05Z","advisories":[],"bugzilla":"2455512","bugzilla_description":"hugo: github.com/gohugoio/hugo: Hugo: Information disclosure and content manipulation via improper markdown link escaping","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35166.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"4.6"},{"CVE":"CVE-2026-35030","severity":"important","public_date":"2026-04-06T16:47:02Z","advisories":[],"bugzilla":"2455509","bugzilla_description":"litellm: LiteLLM: Authentication bypass and privilege escalation via OIDC userinfo cache key collision","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-222","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35030.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"9.1"},{"CVE":"CVE-2026-35029","severity":"important","public_date":"2026-04-06T16:35:28Z","advisories":[],"bugzilla":"2455474","bugzilla_description":"litellm: LiteLLM: Remote code execution and privilege escalation via unrestricted proxy configuration endpoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-425","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35029.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"9.9"},{"CVE":"CVE-2026-34986","severity":"important","public_date":"2026-04-06T16:22:45Z","advisories":[],"bugzilla":"2455470","bugzilla_description":"github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34986.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-34764","severity":"low","public_date":"2026-04-06T15:46:40Z","advisories":[],"bugzilla":"2455466","bugzilla_description":"Electron: Electron: Memory corruption or crash due to use-after-free in offscreen rendering with shared textures.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34764.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"2.3"},{"CVE":"CVE-2026-34756","severity":"important","public_date":"2026-04-06T15:40:03Z","advisories":[],"bugzilla":"2455425","bugzilla_description":"vllm: vLLM: Denial of Service via excessively large 'n' parameter in OpenAI-compatible API","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34756.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-34755","severity":"important","public_date":"2026-04-06T15:38:53Z","advisories":[],"bugzilla":"2455403","bugzilla_description":"vLLM: vLLM: Denial of Service due to excessive video frame processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34755.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-34753","severity":"moderate","public_date":"2026-04-06T15:36:52Z","advisories":[],"bugzilla":"2455394","bugzilla_description":"vllm: vLLM: Server-Side Request Forgery allows access to internal services via controlled batch input","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34753.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","cvss3_score":"5.4"},{"CVE":"CVE-2026-34589","severity":"important","public_date":"2026-04-06T15:33:03Z","advisories":[],"bugzilla":"2455411","bugzilla_description":"OpenEXR: OpenEXR: Memory corruption leading to arbitrary code execution or denial of service","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34589.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-34588","severity":"important","public_date":"2026-04-06T15:31:57Z","advisories":[],"bugzilla":"2455408","bugzilla_description":"OpenEXR: OpenEXR: Arbitrary code execution and information disclosure via crafted EXR file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34588.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-34444","severity":"important","public_date":"2026-04-06T15:30:30Z","advisories":[],"bugzilla":"2455413","bugzilla_description":"lupa: Lupa: Arbitrary Code Execution due to inconsistent attribute filtering","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-914","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34444.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-34380","severity":"moderate","public_date":"2026-04-06T15:22:40Z","advisories":[],"bugzilla":"2455384","bugzilla_description":"OpenEXR: OpenEXR: Denial of Service due to signed integer overflow in image decoding","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34380.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.3"},{"CVE":"CVE-2026-34379","severity":"important","public_date":"2026-04-06T15:21:06Z","advisories":[],"bugzilla":"2455402","bugzilla_description":"OpenEXR: OpenEXR: Denial of Service due to misaligned memory write during EXR file decoding","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-475","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34379.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2026-34378","severity":"moderate","public_date":"2026-04-06T15:19:34Z","advisories":[],"bugzilla":"2455423","bugzilla_description":"OpenEXR: OpenEXR: Denial of Service via crafted EXR file integer overflow","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34378.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-34982","severity":"important","public_date":"2026-04-06T15:16:48Z","advisories":[],"bugzilla":"2455400","bugzilla_description":"vim: arbitrary command execution via modeline sandbox bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34982.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N","cvss3_score":"8.2"},{"CVE":"CVE-2026-33540","severity":"moderate","public_date":"2026-04-06T14:55:04Z","advisories":[],"bugzilla":"2455430","bugzilla_description":"github.com/distribution/distribution: Distribution: Information disclosure via improper validation of authentication realm URL","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33540.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"3.1"},{"CVE":"CVE-2026-5704","severity":"moderate","public_date":"2026-04-06T13:36:20Z","advisories":[],"bugzilla":"2455360","bugzilla_description":"tar: tar: Hidden file injection via crafted archives","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-434","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5704.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","cvss3_score":"5.0"},{"CVE":"CVE-2026-5673","severity":"moderate","public_date":"2026-04-06T09:16:15Z","advisories":[],"bugzilla":"2455340","bugzilla_description":"libtheora: libtheora: Denial of Service or Information Disclosure via malformed AVI file processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5673.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"5.6"},{"CVE":"CVE-2026-37977","severity":"low","public_date":"2026-04-06T08:34:01Z","advisories":[],"bugzilla":"2455324","bugzilla_description":"keycloak: org.keycloak.protocol.oidc.grants.ciba: Keycloak: Information disclosure via CORS header injection due to unvalidated JWT azp claim","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-37977.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"3.7"},{"CVE":"CVE-2026-31407","severity":"moderate","public_date":"2026-04-06T00:00:00Z","advisories":[],"bugzilla":"2455331","bugzilla_description":"kernel: netfilter: conntrack: add missing netlink policy validations","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31407.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-31406","severity":"moderate","public_date":"2026-04-06T00:00:00Z","advisories":[],"bugzilla":"2455332","bugzilla_description":"kernel: xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31406.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-31408","severity":"moderate","public_date":"2026-04-06T00:00:00Z","advisories":[],"bugzilla":"2455334","bugzilla_description":"kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31408.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-31405","severity":null,"public_date":"2026-04-06T00:00:00Z","advisories":[],"bugzilla":"2455336","bugzilla_description":"kernel: media: dvb-net: fix OOB access in ULE extension header tables","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31405.json"},{"CVE":"CVE-2026-31409","severity":null,"public_date":"2026-04-06T00:00:00Z","advisories":[],"bugzilla":"2455337","bugzilla_description":"kernel: ksmbd: unset conn->binding on failed binding request","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-390","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31409.json"},{"CVE":"CVE-2026-31410","severity":null,"public_date":"2026-04-06T00:00:00Z","advisories":[],"bugzilla":"2455339","bugzilla_description":"kernel: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-166","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31410.json"},{"CVE":"CVE-2026-5530","severity":"moderate","public_date":"2026-04-05T00:30:13Z","advisories":[],"bugzilla":"2455147","bugzilla_description":"ollama: Ollama: Server-Side Request Forgery via Model Pull API manipulation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5530.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"6.3"},{"CVE":"CVE-2026-34780","severity":"important","public_date":"2026-04-04T00:02:02Z","advisories":[],"bugzilla":"2455020","bugzilla_description":"electron: Electron: Context Isolation bypass via VideoFrame object transfer","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-501","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34780.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.0"},{"CVE":"CVE-2026-34778","severity":"moderate","public_date":"2026-04-03T23:59:07Z","advisories":[],"bugzilla":"2455024","bugzilla_description":"Electron: Electron: Integrity issue due to IPC channel spoofing by a service worker","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-290","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34778.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-34777","severity":"moderate","public_date":"2026-04-03T23:57:36Z","advisories":[],"bugzilla":"2455022","bugzilla_description":"Electron: Electron: Unauthorized permission granting and information disclosure via incorrect iframe origin","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34777.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-34776","severity":"moderate","public_date":"2026-04-03T23:56:42Z","advisories":[],"bugzilla":"2455021","bugzilla_description":"Electron: Electron: Information disclosure via crafted second-instance message","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34776.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-34775","severity":"moderate","public_date":"2026-04-03T23:55:20Z","advisories":[],"bugzilla":"2455023","bugzilla_description":"Electron: Electron: Arbitrary code execution and information disclosure due to incorrect Node.js integration scoping","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-266","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34775.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-34774","severity":"important","public_date":"2026-04-03T23:52:38Z","advisories":[],"bugzilla":"2455026","bugzilla_description":"Electron: Electron: Memory corruption and crash due to use-after-free in offscreen rendering","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34774.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-34773","severity":"moderate","public_date":"2026-04-03T23:50:42Z","advisories":[],"bugzilla":"2455025","bugzilla_description":"electron: Electron: Protocol handler hijacking via improper validation of protocol names","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-791","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34773.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"4.7"},{"CVE":"CVE-2026-34772","severity":"moderate","public_date":"2026-04-03T23:49:20Z","advisories":[],"bugzilla":"2455005","bugzilla_description":"Electron: Electron: Use-after-free vulnerability leads to memory corruption or crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34772.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L","cvss3_score":"5.8"},{"CVE":"CVE-2026-34771","severity":"important","public_date":"2026-04-03T23:47:23Z","advisories":[],"bugzilla":"2454995","bugzilla_description":"electron: Electron: Memory corruption or application crash via use-after-free in permission request handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34771.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-34768","severity":"low","public_date":"2026-04-03T23:44:55Z","advisories":[],"bugzilla":"2454996","bugzilla_description":"electron: Electron: Arbitrary code execution via unquoted path in Run registry key","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-428","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34768.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"3.9"},{"CVE":"CVE-2026-34767","severity":"moderate","public_date":"2026-04-03T23:43:09Z","advisories":[],"bugzilla":"2455000","bugzilla_description":"electron: Electron: HTTP Response Header Injection via attacker-controlled input","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-140","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34767.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-34766","severity":"low","public_date":"2026-04-03T23:35:10Z","advisories":[],"bugzilla":"2454998","bugzilla_description":"Electron: Electron: Unauthorized USB device access via select-usb-device event callback validation bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1289","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34766.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"3.3"},{"CVE":"CVE-2026-34769","severity":"important","public_date":"2026-04-03T23:33:55Z","advisories":[],"bugzilla":"2455004","bugzilla_description":"Electron: Electron: Arbitrary code execution and security bypass via undocumented command-line switches","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-88","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34769.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"7.7"},{"CVE":"CVE-2026-34933","severity":"moderate","public_date":"2026-04-03T22:43:26Z","advisories":[],"bugzilla":"2454978","bugzilla_description":"avahi: avahi-daemon: Avahi: Denial of Service via D-Bus method call","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1288","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34933.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-27456","severity":"moderate","public_date":"2026-04-03T21:23:00Z","advisories":[],"bugzilla":"2454956","bugzilla_description":"util-linux: TOCTOU in the mount program when setting up loop devices","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27456.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"4.7"},{"CVE":"CVE-2026-34980","severity":"moderate","public_date":"2026-04-03T21:18:09Z","advisories":[],"bugzilla":"2454954","bugzilla_description":"cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json","cvss3_scoring_vector":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","cvss3_score":"6.4"},{"CVE":"CVE-2026-34979","severity":"moderate","public_date":"2026-04-03T21:16:38Z","advisories":[],"bugzilla":"2454946","bugzilla_description":"cups: OpenPrinting CUPS: Denial of Service via heap-based buffer overflow in job attribute processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-34978","severity":"moderate","public_date":"2026-04-03T21:15:15Z","advisories":[],"bugzilla":"2454957","bugzilla_description":"cups: OpenPrinting CUPS: Denial of Service via path traversal in RSS notifier","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","cvss3_score":"6.5"},{"CVE":"CVE-2026-34990","severity":"moderate","public_date":"2026-04-03T21:14:09Z","advisories":[],"bugzilla":"2454947","bugzilla_description":"cups: OpenPrinting CUPS: Privilege escalation via arbitrary file overwrite due to coerced authentication","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-73","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"5.2"},{"CVE":"CVE-2026-27447","severity":"moderate","public_date":"2026-04-03T21:11:59Z","advisories":[],"bugzilla":"2454949","bugzilla_description":"cups: OpenPrinting CUPS: Authorization bypass via case-insensitive username comparison","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-178","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"6.4"},{"CVE":"CVE-2026-27124","severity":"moderate","public_date":"2026-04-03T15:22:17Z","advisories":[],"bugzilla":"2454826","bugzilla_description":"FastMCP: FastMCP OAuthProxy: FastMCP OAuthProxy: Unauthorized actions due to improper consent validation in GitHub OAuth","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-303","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27124.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-35549","severity":"moderate","public_date":"2026-04-03T05:00:18Z","advisories":[],"bugzilla":"2454731","bugzilla_description":"MariaDB Server: MariaDB Server: Denial of Service via large packet with caching_sha2_password authentication plugin","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35549.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-35536","severity":"moderate","public_date":"2026-04-03T02:25:57Z","advisories":[],"bugzilla":"2454716","bugzilla_description":"tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-88","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35536.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-35535","severity":"important","public_date":"2026-04-03T02:21:33Z","advisories":[],"bugzilla":"2454714","bugzilla_description":"sudo: Sudo: Privilege escalation due to failure in privilege drop calls","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-272","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35535.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.4"},{"CVE":"CVE-2026-23422","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":null,"bugzilla_description":null,"cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-392","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23422.json"},{"CVE":"CVE-2026-23424","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454768","bugzilla_description":"kernel: accel/amdxdna: Validate command buffer payload count","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23424.json"},{"CVE":"CVE-2026-23420","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454770","bugzilla_description":"kernel: wifi: wlcore: Fix a locking bug","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-832","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23420.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23419","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454774","bugzilla_description":"kernel: net/rds: Fix circular locking dependency in rds_tcp_tune","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-833","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23419.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23421","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454775","bugzilla_description":"kernel: drm/xe/configfs: Free ctx_restore_mid_bb in release","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23421.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23418","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454776","bugzilla_description":"kernel: drm/xe/reg_sr: Fix leak on xa_store failure","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23418.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23426","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454777","bugzilla_description":"kernel: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23426.json"},{"CVE":"CVE-2026-23425","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454778","bugzilla_description":"kernel: KVM: arm64: Fix ID register initialization for non-protected pKVM guests","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-909","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23425.json"},{"CVE":"CVE-2026-23423","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454779","bugzilla_description":"kernel: btrfs: free pages on error in btrfs_uring_read_extent()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23423.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23450","severity":"important","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454799","bugzilla_description":"kernel: net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23450.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-23457","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454800","bugzilla_description":"kernel: netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-681","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23457.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H","cvss3_score":"5.3"},{"CVE":"CVE-2026-23451","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454803","bugzilla_description":"kernel: bonding: prevent potential infinite loop in bond_header_parse()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23451.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23445","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454804","bugzilla_description":"kernel: igc: fix page fault in XDP TX timestamps handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-459","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23445.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23454","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454805","bugzilla_description":"kernel: net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23454.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23474","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454806","bugzilla_description":"kernel: mtd: Avoid boot crash in RedBoot partition table parser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23474.json"},{"CVE":"CVE-2026-23442","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454807","bugzilla_description":"kernel: ipv6: add NULL checks for idev in SRv6 paths","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23442.json","cvss3_scoring_vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-23471","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454808","bugzilla_description":"kernel: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23471.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23462","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454809","bugzilla_description":"kernel: Bluetooth: HIDP: Fix possible UAF","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23462.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23455","severity":"important","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454810","bugzilla_description":"kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-191","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23455.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-23438","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454812","bugzilla_description":"kernel: net: mvpp2: guard flow control update with global_tx_fc in buffer switching","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23438.json"},{"CVE":"CVE-2026-23434","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454813","bugzilla_description":"kernel: mtd: rawnand: serialize lock/unlock against other NAND operations","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-820","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23434.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-31394","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454814","bugzilla_description":"kernel: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31394.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23430","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454815","bugzilla_description":"kernel: drm/vmwgfx: Don't overwrite KMS surface dirty tracker","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23430.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23458","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454816","bugzilla_description":"kernel: netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23458.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"4.4"},{"CVE":"CVE-2026-23427","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454817","bugzilla_description":"kernel: ksmbd: fix use-after-free in durable v2 replay of active file handles","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23427.json"},{"CVE":"CVE-2026-31401","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454818","bugzilla_description":"kernel: HID: bpf: prevent buffer overflow in hid_hw_request","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31401.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"4.4"},{"CVE":"CVE-2026-23452","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454820","bugzilla_description":"kernel: PM: runtime: Fix a race condition related to device removal","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23452.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23473","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454821","bugzilla_description":"kernel: io_uring/poll: fix multishot recv missing EOF on wakeup race","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23473.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-31390","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454824","bugzilla_description":"kernel: drm/xe: Fix memory leak in xe_vm_madvise_ioctl","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-459","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31390.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23453","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454825","bugzilla_description":"kernel: net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23453.json"},{"CVE":"CVE-2026-23460","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454827","bugzilla_description":"kernel: net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23460.json"},{"CVE":"CVE-2026-23461","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454828","bugzilla_description":"kernel: Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-413","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23461.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23469","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454830","bugzilla_description":"kernel: drm/imagination: Synchronize interrupts before suspending the GPU","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23469.json"},{"CVE":"CVE-2026-23436","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454831","bugzilla_description":"kernel: net: shaper: protect from late creation of hierarchy","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23436.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23431","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454832","bugzilla_description":"kernel: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23431.json"},{"CVE":"CVE-2026-23433","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454833","bugzilla_description":"kernel: arm_mpam: Fix null pointer dereference when restoring bandwidth counters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23433.json"},{"CVE":"CVE-2026-23439","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454835","bugzilla_description":"kernel: udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23439.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23470","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454836","bugzilla_description":"kernel: drm/imagination: Fix deadlock in soft reset sequence","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-833","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23470.json"},{"CVE":"CVE-2026-23429","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454837","bugzilla_description":"kernel: iommu/sva: Fix crash in iommu_sva_unbind_device()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23429.json"},{"CVE":"CVE-2026-23447","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454838","bugzilla_description":"kernel: net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23447.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","cvss3_score":"6.6"},{"CVE":"CVE-2026-31393","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454839","bugzilla_description":"kernel: Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-130","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31393.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"4.7"},{"CVE":"CVE-2026-23441","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454840","bugzilla_description":"kernel: net/mlx5e: Prevent concurrent access to IPSec ASO context","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-821","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23441.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23464","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454841","bugzilla_description":"kernel: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23464.json"},{"CVE":"CVE-2026-23475","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454842","bugzilla_description":"kernel: spi: fix statistics allocation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23475.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-31402","severity":"important","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454844","bugzilla_description":"kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31402.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-23467","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454845","bugzilla_description":"kernel: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23467.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23465","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454846","bugzilla_description":"kernel: btrfs: log new dentries when logging parent dir of a conflicting inode","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-821","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23465.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23463","severity":"low","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454847","bugzilla_description":"kernel: soc: fsl: qbman: fix race condition in qman_destroy_fq","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23463.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23468","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454848","bugzilla_description":"kernel: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23468.json"},{"CVE":"CVE-2026-31398","severity":"important","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454850","bugzilla_description":"kernel: mm/rmap: fix incorrect pte restoration for lazyfree folios","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-281","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31398.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-23456","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454851","bugzilla_description":"kernel: netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23456.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2026-31392","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454853","bugzilla_description":"kernel: smb: client: fix krb5 mount with username option","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-488","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31392.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","cvss3_score":"5.8"},{"CVE":"CVE-2026-31397","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454854","bugzilla_description":"kernel: mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31397.json"},{"CVE":"CVE-2026-31391","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454855","bugzilla_description":"kernel: crypto: atmel-sha204a - Fix OOM ->tfm_count leak","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31391.json"},{"CVE":"CVE-2026-23443","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454856","bugzilla_description":"kernel: ACPI: processor: Fix previous acpi_processor_errata_piix4() fix","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23443.json"},{"CVE":"CVE-2026-23440","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454857","bugzilla_description":"kernel: net/mlx5e: Fix race condition during IPSec ESN update","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23440.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"4.7"},{"CVE":"CVE-2026-23448","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454858","bugzilla_description":"kernel: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23448.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-31389","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454859","bugzilla_description":"kernel: spi: fix use-after-free on controller registration failure","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31389.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"4.7"},{"CVE":"CVE-2026-31404","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454860","bugzilla_description":"kernel: NFSD: Defer sub-object cleanup in export put callbacks","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31404.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23472","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454862","bugzilla_description":"kernel: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-474","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23472.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23459","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454863","bugzilla_description":"kernel: ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-821","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23459.json"},{"CVE":"CVE-2026-23428","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454864","bugzilla_description":"kernel: ksmbd: fix use-after-free of share_conf in compound request","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23428.json"},{"CVE":"CVE-2026-31396","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454865","bugzilla_description":"kernel: net: macb: fix use-after-free access to PTP clock","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31396.json"},{"CVE":"CVE-2026-23437","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454866","bugzilla_description":"kernel: net: shaper: protect late read accesses to the hierarchy","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23437.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23466","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454867","bugzilla_description":"kernel: drm/xe: Open-code GGTT MMIO access protection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1220","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23466.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23449","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454868","bugzilla_description":"kernel: net/sched: teql: Fix double-free in teql_master_xmit","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23449.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23432","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454869","bugzilla_description":"kernel: mshv: Fix use-after-free in mshv_map_user_memory error path","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-763","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23432.json"},{"CVE":"CVE-2026-23446","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454870","bugzilla_description":"kernel: net: usb: aqc111: Do not perform PM inside suspend callback","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-833","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23446.json"},{"CVE":"CVE-2026-31399","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454871","bugzilla_description":"kernel: nvdimm/bus: Fix potential use after free in asynchronous initialization","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31399.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"4.7"},{"CVE":"CVE-2026-31395","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454872","bugzilla_description":"kernel: bnxt_en: fix OOB access in DBG_BUF_PRODUCER async event handler","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31395.json","cvss3_scoring_vector":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"6.3"},{"CVE":"CVE-2026-23435","severity":null,"public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454873","bugzilla_description":"kernel: perf/x86: Move event pointer setup earlier in x86_pmu_enable()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23435.json"},{"CVE":"CVE-2026-31403","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454874","bugzilla_description":"kernel: NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31403.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-31400","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454875","bugzilla_description":"kernel: sunrpc: fix cache_request leak in cache_release","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31400.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23444","severity":"moderate","public_date":"2026-04-03T00:00:00Z","advisories":[],"bugzilla":"2454876","bugzilla_description":"kernel: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1341","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23444.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-34760","severity":"moderate","public_date":"2026-04-02T18:59:49Z","advisories":[],"bugzilla":"2454645","bugzilla_description":"vLLM: Librosa: numpy: Librosa: AI model data integrity impact due to audio processing discrepancy","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-358","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34760.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-34743","severity":"moderate","public_date":"2026-04-02T18:36:37Z","advisories":[],"bugzilla":"2454589","bugzilla_description":"xz: XZ Utils: Denial of Service via buffer overflow in index decoding","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34743.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-34742","severity":"important","public_date":"2026-04-02T18:32:34Z","advisories":[],"bugzilla":"2454608","bugzilla_description":"github.com/modelcontextprotocol/go-sdk: Model Context Protocol (MCP) Go SDK: DNS rebinding vulnerability allows unauthorized access","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1188","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34742.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","cvss3_score":"8.0"},{"CVE":"CVE-2026-34601","severity":"important","public_date":"2026-04-02T17:47:13Z","advisories":[],"bugzilla":"2454595","bugzilla_description":"xmldom: xmldom: XML structure injection via CDATA terminator","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-91","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34601.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-34591","severity":"moderate","public_date":"2026-04-02T17:35:07Z","advisories":[],"bugzilla":"2454513","bugzilla_description":"github.com/python-poetry/poetry: Poetry: Arbitrary file write via crafted package installation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34591.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-26962","severity":"moderate","public_date":"2026-04-02T17:10:17Z","advisories":[],"bugzilla":"2454511","bugzilla_description":"rack: Rack: Header injection and response splitting via incorrect multipart header parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-93","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26962.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-34835","severity":"moderate","public_date":"2026-04-02T17:09:07Z","advisories":[],"bugzilla":"2454482","bugzilla_description":"rack: Rack: Host header poisoning due to malformed Host header bypasses validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34835.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-35414","severity":"moderate","public_date":"2026-04-02T17:08:15Z","advisories":[],"bugzilla":"2454490","bugzilla_description":"OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-168","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35414.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-34827","severity":"important","public_date":"2026-04-02T17:07:48Z","advisories":[],"bugzilla":"2454501","bugzilla_description":"rack: Rack: Denial of Service via crafted multipart/form-data requests","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34827.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-32762","severity":"moderate","public_date":"2026-04-02T17:06:50Z","advisories":[],"bugzilla":"2454489","bugzilla_description":"rack: Rack: Parameter smuggling via improper Forwarded header parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-115","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32762.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-35388","severity":"low","public_date":"2026-04-02T16:57:31Z","advisories":[],"bugzilla":"2454500","bugzilla_description":"OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-306","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35388.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N","cvss3_score":"2.2"},{"CVE":"CVE-2026-35387","severity":"low","public_date":"2026-04-02T16:52:53Z","advisories":[],"bugzilla":"2454494","bugzilla_description":"OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-115","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35387.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"3.1"},{"CVE":"CVE-2026-34830","severity":"moderate","public_date":"2026-04-02T16:47:40Z","advisories":[],"bugzilla":"2454510","bugzilla_description":"rack: Rack: Information disclosure via regular expression injection in X-Accel-Mapping header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-625","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34830.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-34829","severity":"important","public_date":"2026-04-02T16:46:47Z","advisories":[],"bugzilla":"2454488","bugzilla_description":"rack: Rack: Denial of Service via unbounded multipart file upload","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34829.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-34826","severity":"moderate","public_date":"2026-04-02T16:45:53Z","advisories":[],"bugzilla":"2454508","bugzilla_description":"rack: Rack: Denial of Service via malicious HTTP Range header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34826.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-34786","severity":"moderate","public_date":"2026-04-02T16:44:59Z","advisories":[],"bugzilla":"2454507","bugzilla_description":"rack: Rack: Security header bypass via URL-encoded static path requests","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-179","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34786.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-35386","severity":"low","public_date":"2026-04-02T16:44:27Z","advisories":[],"bugzilla":"2454506","bugzilla_description":"OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35386.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"3.6"},{"CVE":"CVE-2026-34785","severity":"important","public_date":"2026-04-02T16:44:17Z","advisories":[],"bugzilla":"2454486","bugzilla_description":"github.com/rack/rack: Rack: Information disclosure via incorrect static file serving prefix check","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-552","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34785.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-34763","severity":"moderate","public_date":"2026-04-02T16:43:42Z","advisories":[],"bugzilla":"2454498","bugzilla_description":"rack: Rack: Information disclosure via regular expression metacharacters in root path","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-41","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34763.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-34831","severity":"moderate","public_date":"2026-04-02T16:43:08Z","advisories":[],"bugzilla":"2454504","bugzilla_description":"rack: Rack: HTTP response desynchronization via incorrect Content-Length calculation with UTF-8 characters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-135","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34831.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-26961","severity":"low","public_date":"2026-04-02T16:42:16Z","advisories":[],"bugzilla":"2454483","bugzilla_description":"github.com/rack/rack: Rack: Content smuggling via multipart boundary parsing mismatch","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-444","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26961.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"3.7"},{"CVE":"CVE-2026-34230","severity":"moderate","public_date":"2026-04-02T16:41:21Z","advisories":[],"bugzilla":"2454493","bugzilla_description":"rack: Rack: Denial of Service via crafted Accept-Encoding header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1050","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34230.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-35385","severity":"important","public_date":"2026-04-02T16:30:59Z","advisories":[],"bugzilla":"2454469","bugzilla_description":"OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-281","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35385.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-32871","severity":"important","public_date":"2026-04-02T14:52:39Z","advisories":[],"bugzilla":"2454434","bugzilla_description":"fastmcp: FastMCP: Authenticated Server-Side Request Forgery via path traversal in OpenAPI path parameters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32871.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"8.5"},{"CVE":"CVE-2026-31937","severity":"important","public_date":"2026-04-02T14:38:22Z","advisories":[],"bugzilla":"2454377","bugzilla_description":"Suricata: Suricata: Denial of Service via DCERPC buffering inefficiency","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31937.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-31935","severity":"important","public_date":"2026-04-02T14:36:44Z","advisories":[],"bugzilla":"2454366","bugzilla_description":"Suricata: Suricata: Denial of Service via HTTP2 continuation frame flooding","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31935.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-5342","severity":"moderate","public_date":"2026-04-02T14:30:14Z","advisories":[],"bugzilla":"2454372","bugzilla_description":"LibRaw: LibRaw: Out-of-bounds read via `load_flags/raw_width` argument manipulation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5342.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-31934","severity":"important","public_date":"2026-04-02T14:21:08Z","advisories":[],"bugzilla":"2454374","bugzilla_description":"Suricata: Suricata: Denial of Service via quadratic complexity in URL search of MIME-encoded SMTP messages","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31934.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-31933","severity":"important","public_date":"2026-04-02T14:03:35Z","advisories":[],"bugzilla":"2454375","bugzilla_description":"Suricata: Suricata: Denial of Service due to specially crafted network traffic","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31933.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-31932","severity":"important","public_date":"2026-04-02T14:02:40Z","advisories":[],"bugzilla":"2454367","bugzilla_description":"Suricata: Suricata: Denial of Service due to inefficiency in KRB5 buffering","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31932.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-31931","severity":"important","public_date":"2026-04-02T14:01:03Z","advisories":[],"bugzilla":"2454369","bugzilla_description":"Suricata: Suricata: Denial of Service via 'tls.alpn' rule keyword","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31931.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-3872","severity":"important","public_date":"2026-04-02T12:30:00Z","advisories":["RHSA-2026:6478","RHSA-2026:6477","RHSA-2026:6476","RHSA-2026:6475"],"bugzilla":"2445988","bugzilla_description":"keycloak: Keycloak: Information disclosure due to redirect_uri validation bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-601","affected_packages":["rhbk/keycloak-rhel9-operator:26.2-18","rhbk/keycloak-rhel9","rhbk/keycloak-operator-bundle:26.4.11-1","rhbk/keycloak-rhel9:26.2-18","rhbk/keycloak-operator-bundle:26.2.15-1","rhbk/keycloak-rhel9-operator:26.4-14","rhbk/keycloak-rhel9:26.4-14"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3872.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N","cvss3_score":"7.3"},{"CVE":"CVE-2026-4282","severity":"important","public_date":"2026-04-02T12:30:00Z","advisories":["RHSA-2026:6478","RHSA-2026:6477","RHSA-2026:6476","RHSA-2026:6475"],"bugzilla":"2448061","bugzilla_description":"keycloak: Keycloak: Privilege escalation via forged authorization codes due to SingleUseObjectProvider isolation flaw","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-653","affected_packages":["rhbk/keycloak-rhel9-operator:26.2-18","rhbk/keycloak-rhel9","rhbk/keycloak-operator-bundle:26.4.11-1","rhbk/keycloak-rhel9:26.2-18","rhbk/keycloak-operator-bundle:26.2.15-1","rhbk/keycloak-rhel9-operator:26.4-14","rhbk/keycloak-rhel9:26.4-14"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4282.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-4325","severity":"moderate","public_date":"2026-04-02T12:30:00Z","advisories":["RHSA-2026:6478","RHSA-2026:6477","RHSA-2026:6476","RHSA-2026:6475"],"bugzilla":"2448351","bugzilla_description":"keycloak: Keycloak: Replay of action tokens via improper handling of single-use entries","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-653","affected_packages":["rhbk/keycloak-rhel9-operator:26.2-18","rhbk/keycloak-rhel9","rhbk/keycloak-operator-bundle:26.4.11-1","rhbk/keycloak-rhel9:26.2-18","rhbk/keycloak-operator-bundle:26.2.15-1","rhbk/keycloak-rhel9-operator:26.4-14","rhbk/keycloak-rhel9:26.4-14"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4325.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-4634","severity":"important","public_date":"2026-04-02T12:30:00Z","advisories":["RHSA-2026:6478","RHSA-2026:6477","RHSA-2026:6476","RHSA-2026:6475"],"bugzilla":"2450250","bugzilla_description":"keycloak: Keycloak: Denial of Service via excessive processing of OpenID Connect scope parameters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1050","affected_packages":["rhbk/keycloak-rhel9-operator:26.2-18","rhbk/keycloak-rhel9","rhbk/keycloak-operator-bundle:26.4.11-1","rhbk/keycloak-rhel9:26.2-18","rhbk/keycloak-operator-bundle:26.2.15-1","rhbk/keycloak-rhel9-operator:26.4-14","rhbk/keycloak-rhel9:26.4-14"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4634.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4636","severity":"important","public_date":"2026-04-02T12:30:00Z","advisories":["RHSA-2026:6478","RHSA-2026:6477","RHSA-2026:6476","RHSA-2026:6475"],"bugzilla":"2450251","bugzilla_description":"keycloak: Keycloak: UMA policy bypass allows authenticated users to gain unauthorized access to victim-owned resources.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-551","affected_packages":["rhbk/keycloak-rhel9-operator:26.2-18","rhbk/keycloak-rhel9","rhbk/keycloak-operator-bundle:26.4.11-1","rhbk/keycloak-rhel9:26.2-18","rhbk/keycloak-operator-bundle:26.2.15-1","rhbk/keycloak-rhel9-operator:26.4-14","rhbk/keycloak-rhel9:26.4-14"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4636.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-5318","severity":"moderate","public_date":"2026-04-02T01:45:12Z","advisories":[],"bugzilla":"2454185","bugzilla_description":"LibRaw: LibRaw: Denial of Service via out-of-bounds write in JPEG DHT Parser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5318.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-5317","severity":"moderate","public_date":"2026-04-02T00:45:13Z","advisories":[],"bugzilla":"2454179","bugzilla_description":"nothings stb: Nothings stb: Remote out-of-bounds write vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5317.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","cvss3_score":"6.3"},{"CVE":"CVE-2026-23414","severity":"moderate","public_date":"2026-04-02T00:00:00Z","advisories":[],"bugzilla":"2454314","bugzilla_description":"kernel: tls: Purge async_hold in tls_decrypt_async_wait()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23414.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23417","severity":"low","public_date":"2026-04-02T00:00:00Z","advisories":[],"bugzilla":"2454315","bugzilla_description":"kernel: bpf: Fix constant blinding for PROBE_MEM32 stores","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-807","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23417.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23416","severity":null,"public_date":"2026-04-02T00:00:00Z","advisories":[],"bugzilla":"2454316","bugzilla_description":"kernel: mm/mseal: update VMA end correctly on merge","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23416.json"},{"CVE":"CVE-2026-23413","severity":"moderate","public_date":"2026-04-02T00:00:00Z","advisories":[],"bugzilla":"2454317","bugzilla_description":"kernel: clsact: Fix use-after-free in init/destroy rollback asymmetry","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23413.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23412","severity":"moderate","public_date":"2026-04-02T00:00:00Z","advisories":[],"bugzilla":"2454319","bugzilla_description":"kernel: netfilter: bpf: defer hook memory release until rcu readers are done","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23412.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23415","severity":"moderate","public_date":"2026-04-02T00:00:00Z","advisories":[],"bugzilla":"2454320","bugzilla_description":"kernel: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23415.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H","cvss3_score":"5.7"},{"CVE":"CVE-2026-5315","severity":"moderate","public_date":"2026-04-01T23:15:12Z","advisories":[],"bugzilla":"2454167","bugzilla_description":"Nothings stb: Nothings stb: Denial of Service via out-of-bounds read in TTF file handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5315.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-5314","severity":"moderate","public_date":"2026-04-01T22:15:15Z","advisories":[],"bugzilla":"2454161","bugzilla_description":"Nothings stb: stb_truetype.h: Nothings stb: Denial of Service via out-of-bounds read in stb_truetype.h","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5314.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-5313","severity":"moderate","public_date":"2026-04-01T21:30:13Z","advisories":[],"bugzilla":"2454134","bugzilla_description":"Nothings stb: Nothings stb: Denial of Service in GIF Decoder via stbi__gif_load_next function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5313.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-34543","severity":"moderate","public_date":"2026-04-01T20:56:18Z","advisories":[],"bugzilla":"2454144","bugzilla_description":"OpenEXR: OpenEXR: Information disclosure via malicious EXR file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34543.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-34544","severity":"moderate","public_date":"2026-04-01T20:55:30Z","advisories":[],"bugzilla":"2454127","bugzilla_description":"OpenEXR: OpenEXR: Memory corruption and Denial of Service via crafted EXR file processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34544.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","cvss3_score":"6.6"},{"CVE":"CVE-2026-34545","severity":"important","public_date":"2026-04-01T20:51:45Z","advisories":[],"bugzilla":"2454139","bugzilla_description":"OpenEXR: OpenEXR: Remote code execution via crafted EXR files","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34545.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-34525","severity":"moderate","public_date":"2026-04-01T20:28:46Z","advisories":[],"bugzilla":"2454096","bugzilla_description":"aiohttp: aiohttp: Security bypass via multiple Host headers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-444","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34525.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-34520","severity":"low","public_date":"2026-04-01T20:27:48Z","advisories":[],"bugzilla":"2454094","bugzilla_description":"aiohttp: AIOHTTP: Header injection vulnerability due to improper character handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34520.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"3.7"},{"CVE":"CVE-2026-34519","severity":"moderate","public_date":"2026-04-01T20:26:25Z","advisories":[],"bugzilla":"2454100","bugzilla_description":"aiohttp: aiohttp: Header injection vulnerability via reason parameter","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34519.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-34518","severity":"low","public_date":"2026-04-01T20:15:22Z","advisories":[],"bugzilla":"2454098","bugzilla_description":"aiohttp: AIOHTTP: Information disclosure via retained Cookie and Proxy-Authorization headers during redirects","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-497","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34518.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"3.7"},{"CVE":"CVE-2026-34517","severity":"low","public_date":"2026-04-01T20:14:15Z","advisories":[],"bugzilla":"2454095","bugzilla_description":"aiohttp: AIOHTTP: Denial of Service via large multipart form fields","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34517.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.7"},{"CVE":"CVE-2026-34516","severity":"moderate","public_date":"2026-04-01T20:13:04Z","advisories":[],"bugzilla":"2454112","bugzilla_description":"aiohttp: AIOHTTP: Denial of Service via excessive multipart headers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34516.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-34515","severity":"moderate","public_date":"2026-04-01T20:10:48Z","advisories":[],"bugzilla":"2454113","bugzilla_description":"aiohttp: AIOHTTP: Information disclosure via static resource handler on Windows","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-497","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34515.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-34514","severity":"moderate","public_date":"2026-04-01T20:09:50Z","advisories":[],"bugzilla":"2454102","bugzilla_description":"aiohttp: AIOHTTP: Header Injection via content_type parameter manipulation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-93","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34514.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-22815","severity":"moderate","public_date":"2026-04-01T20:08:08Z","advisories":[],"bugzilla":"2454093","bugzilla_description":"aiohttp: AIOHTTP: Denial of Service via insufficient header/trailer handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22815.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-34513","severity":"low","public_date":"2026-04-01T20:06:13Z","advisories":[],"bugzilla":"2454107","bugzilla_description":"aiohttp: AIOHTTP: Denial of Service due to unbounded DNS cache","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34513.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.7"},{"CVE":"CVE-2026-34446","severity":"moderate","public_date":"2026-04-01T17:37:54Z","advisories":[],"bugzilla":"2454371","bugzilla_description":"onnx: ONNX: Information disclosure through hardlink path traversal","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-41","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34446.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"4.7"},{"CVE":"CVE-2026-27489","severity":"important","public_date":"2026-04-01T17:33:51Z","advisories":[],"bugzilla":"2453929","bugzilla_description":"onnx: ONNX: Information Disclosure via Path Traversal Vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27489.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"8.6"},{"CVE":"CVE-2026-34445","severity":"moderate","public_date":"2026-04-01T17:30:19Z","advisories":[],"bugzilla":"2453930","bugzilla_description":"ONNX: python: ONNX: Denial of Service and potential information disclosure via malicious model metadata","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34445.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:H","cvss3_score":"7.3"},{"CVE":"CVE-2026-35092","severity":"moderate","public_date":"2026-04-01T11:48:22Z","advisories":[],"bugzilla":"2453814","bugzilla_description":"corosync: Corosync: Denial of Service via integer overflow in join message validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35092.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-35091","severity":"moderate","public_date":"2026-04-01T11:48:13Z","advisories":[],"bugzilla":"2453813","bugzilla_description":"corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-253","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35091.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-23406","severity":null,"public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453788","bugzilla_description":"kernel: apparmor: fix side-effect bug in match_char() macro usage","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-788","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23406.json"},{"CVE":"CVE-2026-23411","severity":null,"public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453789","bugzilla_description":"kernel: apparmor: fix race between freeing data and fs accessing it","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23411.json"},{"CVE":"CVE-2026-23410","severity":"moderate","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453793","bugzilla_description":"kernel: apparmor: fix race on rawdata dereference","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23410.json"},{"CVE":"CVE-2026-23407","severity":"moderate","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453794","bugzilla_description":"kernel: apparmor: fix missing bounds check on DEFAULT table in verify_dfa()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23407.json"},{"CVE":"CVE-2026-23405","severity":null,"public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453795","bugzilla_description":"kernel: apparmor: fix: limit the number of levels of policy namespaces","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23405.json"},{"CVE":"CVE-2026-23403","severity":null,"public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453796","bugzilla_description":"kernel: apparmor: fix memory leak in verify_header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-763","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23403.json"},{"CVE":"CVE-2026-23408","severity":null,"public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453798","bugzilla_description":"kernel: apparmor: Fix double free of ns_name in aa_replace_profiles()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1341","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23408.json"},{"CVE":"CVE-2026-23404","severity":null,"public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453799","bugzilla_description":"kernel: apparmor: replace recursive profile removal with iterative approach","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23404.json"},{"CVE":"CVE-2026-23402","severity":"low","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453800","bugzilla_description":"kernel: KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-501","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23402.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23401","severity":"important","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453803","bugzilla_description":"kernel: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-416","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23401.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-23409","severity":null,"public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453804","bugzilla_description":"kernel: apparmor: fix differential encoding verification","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-372","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23409.json"},{"CVE":"CVE-2026-35093","severity":"important","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453839","bugzilla_description":"libinput: libinput: Unauthorized code execution and information disclosure through Lua bytecode plugins","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35093.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-35094","severity":"moderate","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453840","bugzilla_description":"libinput: libinput: Information disclosure via dangling pointer in Lua plugin handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-35094.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"3.3"},{"CVE":"CVE-2026-34875","severity":"critical","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453963","bugzilla_description":"mbedtls: Mbed TLS and TF-PSA-Crypto: Arbitrary code execution due to buffer overflow in FFDH key export","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34875.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"9.8"},{"CVE":"CVE-2026-34872","severity":"important","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453966","bugzilla_description":"mbedtls: Mbed TLS and TF-PSA-Crypto: Shared secret manipulation via improper FFDH input validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34872.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-25834","severity":"moderate","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453967","bugzilla_description":"mbedtls: Mbed TLS: Algorithm downgrade vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-358","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25834.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","cvss3_score":"6.5"},{"CVE":"CVE-2025-66442","severity":"moderate","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2453969","bugzilla_description":"mbedtls: Mbed TLS and TF-PSA-Crypto: Information disclosure via compiler-induced timing side channel","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-733","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66442.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-34873","severity":"critical","public_date":"2026-04-01T00:00:00Z","advisories":[],"bugzilla":"2454108","bugzilla_description":"mbedtls: Mbed TLS: Client impersonation during TLS 1.3 session resumption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-290","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34873.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","cvss3_score":"10.0"},{"CVE":"CVE-2026-4800","severity":"important","public_date":"2026-03-31T19:25:55Z","advisories":[],"bugzilla":"2453496","bugzilla_description":"lodash: lodash: Arbitrary code execution via untrusted input in template imports","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4800.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-33762","severity":"low","public_date":"2026-03-31T13:47:42Z","advisories":[],"bugzilla":"2453382","bugzilla_description":"github.com/go-git/go-git/v5: go-git: Denial of Service via crafted Git index file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33762.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"2.8"},{"CVE":"CVE-2026-34165","severity":"moderate","public_date":"2026-03-31T13:46:37Z","advisories":[],"bugzilla":"2453379","bugzilla_description":"github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34165.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.0"},{"CVE":"CVE-2026-34881","severity":"moderate","public_date":"2026-03-31T05:29:08Z","advisories":[],"bugzilla":"2453289","bugzilla_description":"OpenStack Glance: OpenStack Glance: Server-Side Request Forgery via HTTP redirects in image import","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34881.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N","cvss3_score":"5.0"},{"CVE":"CVE-2026-34073","severity":"low","public_date":"2026-03-31T02:04:36Z","advisories":[],"bugzilla":"2453276","bugzilla_description":"cryptography: python: Cryptography: Security bypass due to improper DNS name constraint validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-295","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"3.7"},{"CVE":"CVE-2026-34070","severity":"important","public_date":"2026-03-31T02:01:49Z","advisories":[],"bugzilla":"2453287","bugzilla_description":"langchain: path traversal in legacy load_prompt functions in langchain-core","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34070.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-34043","severity":"moderate","public_date":"2026-03-31T01:48:45Z","advisories":[],"bugzilla":"2453284","bugzilla_description":"serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34043.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-33997","severity":"important","public_date":"2026-03-31T01:36:51Z","advisories":[],"bugzilla":"2453277","bugzilla_description":"moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-266","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33997.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.4"},{"CVE":"CVE-2026-34040","severity":"moderate","public_date":"2026-03-31T01:36:48Z","advisories":[],"bugzilla":"2453278","bugzilla_description":"Moby: Moby: Authorization bypass vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-807","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34040.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","cvss3_score":"8.4"},{"CVE":"CVE-2026-5201","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453291","bugzilla_description":"gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-122","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5201.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-5272","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453680","bugzilla_description":"chromium-browser: Heap buffer overflow in GPU","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5272.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5283","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453681","bugzilla_description":"chromium-browser: Inappropriate implementation in ANGLE","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5283.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-5287","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453683","bugzilla_description":"chromium-browser: Use after free in PDF","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5287.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5284","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453684","bugzilla_description":"chromium-browser: Use after free in Dawn","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5284.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5278","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453687","bugzilla_description":"chromium-browser: Use after free in Web MIDI","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5278.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5282","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453688","bugzilla_description":"chromium-browser: Out of bounds read in WebCodecs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5282.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-5286","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453690","bugzilla_description":"chromium-browser: Use after free in Dawn","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5286.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5285","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453691","bugzilla_description":"chromium-browser: Use after free in WebGL","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5285.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5274","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453692","bugzilla_description":"chromium-browser: Integer overflow in Codecs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5274.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5275","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453693","bugzilla_description":"chromium-browser: Heap buffer overflow in ANGLE","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5275.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5273","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453694","bugzilla_description":"chromium-browser: Use after free in CSS","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5273.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5276","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453695","bugzilla_description":"chromium-browser: Insufficient policy enforcement in WebUSB","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-280","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5276.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-5277","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453696","bugzilla_description":"chromium-browser: Integer overflow in ANGLE","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5277.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.0"},{"CVE":"CVE-2026-5279","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453697","bugzilla_description":"chromium-browser: Object corruption in V8","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-843","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5279.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5280","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453698","bugzilla_description":"chromium-browser: Use after free in WebCodecs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5280.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-5291","severity":"moderate","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453699","bugzilla_description":"chromium-browser: Inappropriate implementation in WebGL","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5291.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-5281","severity":"important","public_date":"2026-03-31T00:00:00Z","advisories":[],"bugzilla":"2453700","bugzilla_description":"chromium-browser: Use after free in Dawn","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5281.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.0"},{"CVE":"CVE-2026-33995","severity":"moderate","public_date":"2026-03-30T21:43:49Z","advisories":[],"bugzilla":"2453222","bugzilla_description":"FreeRDP: FreeRDP: Denial of Service via double-free vulnerability during NLA connection teardown","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33995.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-33987","severity":"moderate","public_date":"2026-03-30T21:43:39Z","advisories":[],"bugzilla":"2453226","bugzilla_description":"FreeRDP: FreeRDP: Memory corruption vulnerability allows denial of service or arbitrary code execution","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33987.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-33986","severity":"important","public_date":"2026-03-30T21:43:21Z","advisories":[],"bugzilla":"2453221","bugzilla_description":"FreeRDP: FreeRDP: Arbitrary code execution or denial of service via H.264 codec memory allocation vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33986.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33985","severity":"moderate","public_date":"2026-03-30T21:43:13Z","advisories":[],"bugzilla":"2453217","bugzilla_description":"FreeRDP: FreeRDP: Information disclosure via heap memory out of bounds read","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33985.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-33984","severity":"important","public_date":"2026-03-30T21:42:57Z","advisories":[],"bugzilla":"2453219","bugzilla_description":"FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution via crafted pixel data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33984.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33983","severity":"important","public_date":"2026-03-30T21:42:27Z","advisories":[],"bugzilla":"2453220","bugzilla_description":"FreeRDP: FreeRDP: Denial of Service via specially crafted Remote Desktop Protocol messages","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33983.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33952","severity":"moderate","public_date":"2026-03-30T21:42:00Z","advisories":[],"bugzilla":"2453223","bugzilla_description":"FreeRDP: FreeRDP: Denial of Service via unvalidated authentication length field","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-130","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33952.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-33977","severity":"moderate","public_date":"2026-03-30T21:41:36Z","advisories":[],"bugzilla":"2453224","bugzilla_description":"FreeRDP: FreeRDP: Denial of Service via malformed IMA ADPCM audio data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33977.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-32877","severity":"moderate","public_date":"2026-03-30T20:36:43Z","advisories":[],"bugzilla":"2453209","bugzilla_description":"Botan: Botan: Denial of Service via heap over-read during SM2 decryption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32877.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-32883","severity":"moderate","public_date":"2026-03-30T20:36:30Z","advisories":[],"bugzilla":"2453204","bugzilla_description":"Botan: Botan: Compromised certificate validation integrity via unverified OCSP response signatures","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32883.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-21710","severity":"important","public_date":"2026-03-30T19:07:28Z","advisories":["RHSA-2026:7080","RHSA-2026:7123"],"bugzilla":"2453151","bugzilla_description":"Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-843","affected_packages":["nodejs22-1:22.22.2-1.el10_1","nodejs:22-8100020260331102257.6d880403"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21710.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-21715","severity":"low","public_date":"2026-03-30T19:07:28Z","advisories":[],"bugzilla":"2453152","bugzilla_description":"Node.js: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-425","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21715.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"3.3"},{"CVE":"CVE-2026-21716","severity":"low","public_date":"2026-03-30T19:07:28Z","advisories":[],"bugzilla":"2453157","bugzilla_description":"nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-279","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21716.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N","cvss3_score":"3.8"},{"CVE":"CVE-2026-21711","severity":"moderate","public_date":"2026-03-30T19:07:28Z","advisories":[],"bugzilla":"2453158","bugzilla_description":"Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-940","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21711.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"5.2"},{"CVE":"CVE-2026-21713","severity":"moderate","public_date":"2026-03-30T19:07:28Z","advisories":[],"bugzilla":"2453160","bugzilla_description":"Node.js: Node.js: Information disclosure via timing oracle in HMAC verification","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-208","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21713.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-21714","severity":"moderate","public_date":"2026-03-30T19:07:28Z","advisories":[],"bugzilla":"2453161","bugzilla_description":"Node.js: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21714.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-21717","severity":"moderate","public_date":"2026-03-30T19:07:28Z","advisories":[],"bugzilla":"2453162","bugzilla_description":"nodejs: v8: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-328","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21717.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-34714","severity":"important","public_date":"2026-03-30T18:27:55Z","advisories":[],"bugzilla":"2453139","bugzilla_description":"vim: Vim: Arbitrary code execution via crafted file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-917","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34714.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.6"},{"CVE":"CVE-2026-4046","severity":"moderate","public_date":"2026-03-30T17:16:11Z","advisories":[],"bugzilla":"2453117","bugzilla_description":"glibc: glibc: Denial of Service via iconv() function with specific character sets","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-617","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4046.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2025-66215","severity":"low","public_date":"2026-03-30T17:06:16Z","advisories":[],"bugzilla":"2453119","bugzilla_description":"OpenSC: OpenSC: Stack-buffer-overflow with physical access via crafted smart card or USB device","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66215.json","cvss3_scoring_vector":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","cvss3_score":"3.8"},{"CVE":"CVE-2025-66038","severity":"low","public_date":"2026-03-30T17:03:55Z","advisories":[],"bugzilla":"2453118","bugzilla_description":"OpenSC: OpenSC: Memory corruption via improper compact-TLV length validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66038.json","cvss3_scoring_vector":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"3.9"},{"CVE":"CVE-2025-66037","severity":"low","public_date":"2026-03-30T17:01:27Z","advisories":[],"bugzilla":"2453122","bugzilla_description":"OpenSC: OpenSC: Out-of-bounds read via crafted input","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66037.json","cvss3_scoring_vector":"CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"3.9"},{"CVE":"CVE-2025-49010","severity":"low","public_date":"2026-03-30T16:59:25Z","advisories":[],"bugzilla":"2453121","bugzilla_description":"OpenSC: OpenSC: Stack-buffer-overflow via crafted smart card or USB device responses","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49010.json","cvss3_scoring_vector":"CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L","cvss3_score":"3.8"},{"CVE":"CVE-2026-21712","severity":"moderate","public_date":"2026-03-30T15:13:59Z","advisories":[],"bugzilla":"2453037","bugzilla_description":"Node.js: Node.js: Denial of Service via malformed Internationalized Domain Name processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-168","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21712.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-5164","severity":"moderate","public_date":"2026-03-30T12:34:00Z","advisories":[],"bugzilla":"2453014","bugzilla_description":"virtio-win: virtio-win: Denial of Service via unvalidated descriptor count in unmap request","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5164.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.7"},{"CVE":"CVE-2026-5165","severity":"moderate","public_date":"2026-03-30T12:34:00Z","advisories":[],"bugzilla":"2453015","bugzilla_description":"virtio-win: virtio-win: Memory corruption via use-after-free in VirtIO BLK device reset","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5165.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.7"},{"CVE":"CVE-2026-5121","severity":"moderate","public_date":"2026-03-30T07:44:15Z","advisories":[],"bugzilla":null,"bugzilla_description":null,"cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5121.json"},{"CVE":"CVE-2025-15379","severity":"important","public_date":"2026-03-30T07:16:57Z","advisories":[],"bugzilla":"2452949","bugzilla_description":"mlflow: MLflow: Arbitrary command execution via command injection in model serving container initialization.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15379.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.0"},{"CVE":"CVE-2026-5119","severity":"moderate","public_date":"2026-03-30T05:30:32Z","advisories":[],"bugzilla":"2452932","bugzilla_description":"libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-319","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5119.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-5107","severity":"moderate","public_date":"2026-03-30T05:00:19Z","advisories":[],"bugzilla":"2452939","bugzilla_description":"FRRouting FRR: frr: FRRouting FRR: Improper access controls in EVPN Type-2 Route Handler","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-807","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5107.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L","cvss3_score":"4.2"},{"CVE":"CVE-2025-15036","severity":"important","public_date":"2026-03-30T01:16:06Z","advisories":[],"bugzilla":"2452925","bugzilla_description":"mlflow: mlflow: Path traversal vulnerability allows arbitrary file overwrite and privilege escalation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15036.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-2370","severity":"important","public_date":"2026-03-29T23:33:44Z","advisories":[],"bugzilla":"2452920","bugzilla_description":"GitLab: GitLab: Improper authorization allows credential disclosure and GitLab app impersonation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-233","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2370.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-4176","severity":"moderate","public_date":"2026-03-29T20:50:51Z","advisories":[],"bugzilla":"2452916","bugzilla_description":"Perl: Compress::Raw::Zlib: zlib: Perl: Multiple vulnerabilities due to an outdated vendored zlib library","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1104","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4176.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-23400","severity":null,"public_date":"2026-03-29T00:00:00Z","advisories":[],"bugzilla":"2452844","bugzilla_description":"kernel: rust_binder: call set_notification_done() without proc lock","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-833","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23400.json"},{"CVE":"CVE-2026-20643","severity":"moderate","public_date":"2026-03-28T20:00:00Z","advisories":[],"bugzilla":"2453000","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20643.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-20664","severity":"important","public_date":"2026-03-28T20:00:00Z","advisories":[],"bugzilla":"2453001","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20664.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-20665","severity":"moderate","public_date":"2026-03-28T20:00:00Z","advisories":[],"bugzilla":"2453002","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-693","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20665.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","cvss3_score":"5.4"},{"CVE":"CVE-2026-20691","severity":"moderate","public_date":"2026-03-28T20:00:00Z","advisories":[],"bugzilla":"2453003","bugzilla_description":"webkitgtk: A maliciously crafted webpage may be able to fingerprint the user","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-497","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20691.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2026-28857","severity":"important","public_date":"2026-03-28T20:00:00Z","advisories":[],"bugzilla":"2453004","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28857.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-28859","severity":"important","public_date":"2026-03-28T20:00:00Z","advisories":[],"bugzilla":"2453006","bugzilla_description":"webkitgtk: A malicious website may be able to process restricted web content outside the sandbox","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28859.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-28861","severity":"important","public_date":"2026-03-28T20:00:00Z","advisories":[],"bugzilla":"2453007","bugzilla_description":"webkitgtk: A malicious website may be able to access script message handlers intended for other origins","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28861.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2026-28871","severity":"moderate","public_date":"2026-03-28T20:00:00Z","advisories":[],"bugzilla":"2453008","bugzilla_description":"webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28871.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2026-23399","severity":"low","public_date":"2026-03-28T00:00:00Z","advisories":[],"bugzilla":"2452569","bugzilla_description":"kernel: nf_tables: nft_dynset: fix possible stateful expression memleak in error path","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23399.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-33996","severity":"moderate","public_date":"2026-03-27T22:21:21Z","advisories":[],"bugzilla":"2452531","bugzilla_description":"LibJWT: LibJWT: Denial of Service via crafted JSON Web Key (JWK) files","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33996.json","cvss3_scoring_vector":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-33994","severity":"moderate","public_date":"2026-03-27T22:15:47Z","advisories":[],"bugzilla":"2452530","bugzilla_description":"locutus: Locutus: Prototype pollution vulnerability in parse_str function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33994.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-33993","severity":"moderate","public_date":"2026-03-27T22:14:03Z","advisories":[],"bugzilla":"2452536","bugzilla_description":"Locutus: Locutus: Prototype Pollution and Denial of Service vulnerability in unserialize() function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33993.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-33936","severity":"moderate","public_date":"2026-03-27T22:08:22Z","advisories":[],"bugzilla":"2452539","bugzilla_description":"python-ecdsa: ecdsa: Denial of Service via crafted DER input","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-130","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33936.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-34226","severity":"important","public_date":"2026-03-27T21:17:24Z","advisories":[],"bugzilla":"2452519","bugzilla_description":"happy-dom: Happy DOM: Information disclosure via incorrect cookie handling in fetch requests","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-201","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34226.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-33943","severity":"important","public_date":"2026-03-27T21:15:19Z","advisories":[],"bugzilla":"2452522","bugzilla_description":"happy-dom: Happy DOM: Remote Code Execution via JavaScript expression injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-917","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33943.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-33941","severity":"important","public_date":"2026-03-27T21:13:15Z","advisories":[],"bugzilla":"2452524","bugzilla_description":"handlebars.js: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33941.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-33940","severity":"important","public_date":"2026-03-27T21:11:10Z","advisories":[],"bugzilla":"2452521","bugzilla_description":"handlebars.js: Handlebars.js: Arbitrary code execution via crafted template context","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33940.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-33939","severity":"important","public_date":"2026-03-27T21:08:24Z","advisories":[],"bugzilla":"2452508","bugzilla_description":"handlebars.js: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-248","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33939.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33938","severity":"important","public_date":"2026-03-27T21:05:42Z","advisories":[],"bugzilla":"2452525","bugzilla_description":"handlebars: Handlebars: Arbitrary code execution via @partial-block overwrite","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-917","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33938.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-33937","severity":"important","public_date":"2026-03-27T21:03:46Z","advisories":[],"bugzilla":"2452523","bugzilla_description":"handlebars.js: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33937.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"9.8"},{"CVE":"CVE-2026-33916","severity":"moderate","public_date":"2026-03-27T21:00:48Z","advisories":[],"bugzilla":"2452509","bugzilla_description":"handlebars.js: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33916.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"4.7"},{"CVE":"CVE-2026-33896","severity":"important","public_date":"2026-03-27T20:50:03Z","advisories":[],"bugzilla":"2452458","bugzilla_description":"node-forge: Forge (node-forge): Certificate validation bypass allows unauthorized certificate issuance","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-295","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33896.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-33895","severity":"important","public_date":"2026-03-27T20:47:54Z","advisories":[],"bugzilla":"2452457","bugzilla_description":"node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33895.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-33894","severity":"important","public_date":"2026-03-27T20:45:49Z","advisories":[],"bugzilla":"2452464","bugzilla_description":"node-forge: Forge: Signature Forgery via Weak RSASSA PKCS#1 v1.5 Verification","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33894.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-33891","severity":"important","public_date":"2026-03-27T20:43:37Z","advisories":[],"bugzilla":"2452450","bugzilla_description":"node-forge: node-forge: Denial of Service via infinite loop in BigInteger.modInverse()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-606","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33891.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33871","severity":"important","public_date":"2026-03-27T19:55:23Z","advisories":[],"bugzilla":"2452456","bugzilla_description":"netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33871.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33870","severity":"important","public_date":"2026-03-27T19:54:15Z","advisories":[],"bugzilla":"2452453","bugzilla_description":"io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-444","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-34475","severity":"moderate","public_date":"2026-03-27T19:40:28Z","advisories":[],"bugzilla":"2452408","bugzilla_description":"Varnish Cache: Varnish Cache and Varnish Enterprise: Cache poisoning and authentication bypass via unchecked URL handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34475.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2025-15381","severity":"important","public_date":"2026-03-27T16:17:30Z","advisories":[],"bugzilla":"2452341","bugzilla_description":"mlflow/mlflow: mlflow/mlflow: Information disclosure and unauthorized data modification via unprotected tracing and assessment endpoints","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-425","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15381.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-4980","severity":"moderate","public_date":"2026-03-27T14:50:48Z","advisories":[],"bugzilla":"2452319","bugzilla_description":"Inkscape: Inkscape: Information disclosure via crafted SVG file with malicious XInclude tags","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-611","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4980.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","cvss3_score":"6.3"},{"CVE":"CVE-2026-27879","severity":"moderate","public_date":"2026-03-27T14:28:56Z","advisories":[],"bugzilla":"2452286","bugzilla_description":"Grafana: Grafana: Denial of Service via resample query","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27879.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-28375","severity":"moderate","public_date":"2026-03-27T14:26:19Z","advisories":[],"bugzilla":"2452279","bugzilla_description":"grafana: Grafana: Denial of Service via testdata data-source","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28375.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-27876","severity":"critical","public_date":"2026-03-27T14:24:36Z","advisories":[],"bugzilla":"2452277","bugzilla_description":"grafana: grafana-enterprise-plugin: Grafana: Remote arbitrary code execution via chained SQL Expressions and Enterprise plugin attack","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-89","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27876.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"9.1"},{"CVE":"CVE-2026-33758","severity":"important","public_date":"2026-03-27T14:12:33Z","advisories":[],"bugzilla":"2452294","bugzilla_description":"OpenBao: reflected XSS in OpenBao OIDC authentication error message","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33758.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L","cvss3_score":"9.6"},{"CVE":"CVE-2026-27880","severity":"important","public_date":"2026-03-27T14:12:20Z","advisories":[],"bugzilla":"2452295","bugzilla_description":"Grafana: Grafana: Denial of Service via unbounded memory read in feature toggle evaluation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27880.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33757","severity":"important","public_date":"2026-03-27T14:10:58Z","advisories":[],"bugzilla":"2452269","bugzilla_description":"OpenBao: lack of user confirmation for OpenBao OIDC direct callback mode","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-384","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33757.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L","cvss3_score":"9.6"},{"CVE":"CVE-2026-33750","severity":"moderate","public_date":"2026-03-27T14:04:52Z","advisories":[],"bugzilla":"2452285","bugzilla_description":"brace-expansion: brace-expansion: Denial of Service via zero step value in brace pattern","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-606","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33750.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-27877","severity":"important","public_date":"2026-03-27T14:02:11Z","advisories":[],"bugzilla":"2452293","bugzilla_description":"grafana: Grafana: Information disclosure of data-source passwords via public dashboards","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-201","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27877.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-33748","severity":"moderate","public_date":"2026-03-27T14:00:21Z","advisories":[],"bugzilla":"2452271","bugzilla_description":"github.com/moby/buildkit: BuildKit: Unauthorized file access via Git URL fragment subdir components","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33748.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-33433","severity":"important","public_date":"2026-03-27T13:49:08Z","advisories":[],"bugzilla":"2452289","bugzilla_description":"github.com/traefik/traefik: Traefik: Authentication bypass via non-canonical HTTP header injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-290","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33433.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N","cvss3_score":"7.7"},{"CVE":"CVE-2026-32695","severity":"important","public_date":"2026-03-27T13:47:03Z","advisories":[],"bugzilla":"2452235","bugzilla_description":"github.com/traefik/traefik: Traefik: Cross-tenant traffic exposure and host restriction bypass via rule-syntax injection in Knative provider","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-917","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32695.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"7.7"},{"CVE":"CVE-2026-27860","severity":"low","public_date":"2026-03-27T08:10:22Z","advisories":[],"bugzilla":"2452176","bugzilla_description":"dovecot: Dovecot: Authentication bypass and information disclosure via LDAP filter injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-90","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27860.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"3.7"},{"CVE":"CVE-2026-27859","severity":"moderate","public_date":"2026-03-27T08:10:22Z","advisories":[],"bugzilla":"2452180","bugzilla_description":"dovecot: Dovecot: Denial of Service via excessive RFC 2231 MIME parameters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27859.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-27858","severity":"important","public_date":"2026-03-27T08:10:21Z","advisories":[],"bugzilla":"2452175","bugzilla_description":"dovecot: denial of service via crafted message before authentication","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27858.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-27857","severity":"important","public_date":"2026-03-27T08:10:20Z","advisories":[],"bugzilla":"2452179","bugzilla_description":"dovecot: denial of service via specially crafted NOOP command","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27857.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-27856","severity":"important","public_date":"2026-03-27T08:10:19Z","advisories":[],"bugzilla":"2452171","bugzilla_description":"dovecot: Doveadm: Full access via timing oracle attack in credential verification","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-208","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27856.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-27855","severity":"moderate","public_date":"2026-03-27T08:10:18Z","advisories":[],"bugzilla":"2452177","bugzilla_description":"dovecot: Dovecot: Replay attack allows unauthorized login via observed One-Time Password (OTP) exchange","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-294","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27855.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-24031","severity":"important","public_date":"2026-03-27T08:10:18Z","advisories":[],"bugzilla":"2452181","bugzilla_description":"dovecot: Dovecot: Authentication bypass and user enumeration due to cleared auth_username_chars configuration","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-89","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24031.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L","cvss3_score":"7.7"},{"CVE":"CVE-2026-0394","severity":"moderate","public_date":"2026-03-27T08:10:17Z","advisories":[],"bugzilla":"2452173","bugzilla_description":"dovecot: Dovecot: Information disclosure and authentication bypass via path traversal","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0394.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2025-59032","severity":"important","public_date":"2026-03-27T08:10:16Z","advisories":[],"bugzilla":"2452172","bugzilla_description":"dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-229","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59032.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2025-59031","severity":"moderate","public_date":"2026-03-27T08:10:15Z","advisories":[],"bugzilla":"2452174","bugzilla_description":"dovecot: Dovecot: Information disclosure via specially crafted OOXML documents","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-611","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59031.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2025-59028","severity":"moderate","public_date":"2026-03-27T08:10:15Z","advisories":[],"bugzilla":"2452178","bugzilla_description":"dovecot: Dovecot: Denial of Service via invalid SASL data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59028.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-34353","severity":"moderate","public_date":"2026-03-27T04:55:58Z","advisories":[],"bugzilla":"2452093","bugzilla_description":"ocaml: OCaml: Information disclosure via integer overflow in Bigarray.reshape","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34353.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-33747","severity":"moderate","public_date":"2026-03-27T00:49:06Z","advisories":[],"bugzilla":"2452076","bugzilla_description":"BuildKit: github.com/moby/buildkit: BuildKit: Arbitrary file write and code execution via untrusted frontend","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33747.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-33721","severity":"important","public_date":"2026-03-27T00:15:00Z","advisories":[],"bugzilla":"2452066","bugzilla_description":"MapServer: MapServer: Denial of Service via crafted Styled Layer Descriptor","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33721.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33701","severity":"important","public_date":"2026-03-27T00:01:12Z","advisories":[],"bugzilla":"2452071","bugzilla_description":"io.opentelemetry.javaagent/opentelemetry-javaagent: OpenTelemetry Java Instrumentation: Remote code execution via deserialization vulnerability in RMI","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-502","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33701.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-4948","severity":"moderate","public_date":"2026-03-27T00:00:00Z","advisories":[],"bugzilla":"2452086","bugzilla_description":"firewalld: firewalld: Local unprivileged user can modify firewall state due to D-Bus setter mis-authorization","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-279","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4948.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"5.5"},{"CVE":"CVE-2026-4981","severity":"moderate","public_date":"2026-03-27T00:00:00Z","advisories":[],"bugzilla":"2452218","bugzilla_description":"rhacs: Red Hat Advanced Cluster Security (ACS): Open Redirect and Content Spoofing via OAuth callback endpoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-601","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4981.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-33699","severity":"moderate","public_date":"2026-03-26T23:58:42Z","advisories":[],"bugzilla":"2452062","bugzilla_description":"pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-606","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33699.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-27893","severity":"important","public_date":"2026-03-26T23:56:53Z","advisories":[],"bugzilla":"2452055","bugzilla_description":"vllm: vLLM: Remote code execution due to hardcoded trust_remote_code setting","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-501","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27893.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-33945","severity":"critical","public_date":"2026-03-26T23:27:45Z","advisories":[],"bugzilla":"2452054","bugzilla_description":"incus: Incus: Privilege escalation and denial of service via path traversal in systemd credential configuration","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33945.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-33898","severity":"important","public_date":"2026-03-26T23:25:45Z","advisories":[],"bugzilla":"2452051","bugzilla_description":"incus: Incus: Privilege escalation and unauthorized access due to improper authentication token validation in web UI","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-303","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33898.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-33897","severity":"important","public_date":"2026-03-26T22:43:31Z","advisories":[],"bugzilla":"2452020","bugzilla_description":"incus: pongo2: Incus: Arbitrary file read/write as root via pongo2 template chroot bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-243","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33897.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L","cvss3_score":"9.1"},{"CVE":"CVE-2026-33743","severity":"moderate","public_date":"2026-03-26T22:40:07Z","advisories":[],"bugzilla":"2452024","bugzilla_description":"incus: Incus: Denial of Service via specially crafted storage bucket backup","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33743.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-33711","severity":"important","public_date":"2026-03-26T22:37:29Z","advisories":[],"bugzilla":"2452021","bugzilla_description":"incus: Incus: Local privilege escalation or denial of service via predictable temporary file paths","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-59","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33711.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-33542","severity":"important","public_date":"2026-03-26T22:32:13Z","advisories":[],"bugzilla":"2452019","bugzilla_description":"github.com/lxc/incus: Incus: Image cache poisoning due to insufficient image fingerprint validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-354","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33542.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"8.5"},{"CVE":"CVE-2026-34352","severity":"moderate","public_date":"2026-03-26T22:30:46Z","advisories":[],"bugzilla":"2452022","bugzilla_description":"TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-279","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34352.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L","cvss3_score":"6.3"},{"CVE":"CVE-2026-28377","severity":"moderate","public_date":"2026-03-26T21:39:46Z","advisories":[],"bugzilla":"2451990","bugzilla_description":"Grafana Tempo: Grafana Tempo: Information disclosure of S3 encryption key via status config endpoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-312","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28377.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-33672","severity":"moderate","public_date":"2026-03-26T21:39:16Z","advisories":[],"bugzilla":"2451993","bugzilla_description":"picomatch: Picomatch: Data integrity compromised via method injection with crafted POSIX bracket expressions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-624","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33672.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-33671","severity":"moderate","public_date":"2026-03-26T21:20:48Z","advisories":[],"bugzilla":"2451986","bugzilla_description":"picomatch: Picomatch: Regular Expression Denial of Service via crafted extglob patterns","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33671.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-1556","severity":"important","public_date":"2026-03-26T21:14:20Z","advisories":[],"bugzilla":"2451981","bugzilla_description":"Drupal: File (Field) Paths: Drupal File (Field) Paths: Information Disclosure via filename-collision uploads","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-73","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1556.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"7.7"},{"CVE":"CVE-2026-3650","severity":"moderate","public_date":"2026-03-26T21:10:30Z","advisories":[],"bugzilla":"2451988","bugzilla_description":"gdcm: GDCM: Denial of Service via malformed DICOM files","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3650.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-33658","severity":"moderate","public_date":"2026-03-26T21:03:25Z","advisories":[],"bugzilla":"2451983","bugzilla_description":"rails: activestorage: Active Storage: Denial of Service via HTTP Range header processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33658.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-21724","severity":"moderate","public_date":"2026-03-26T20:06:18Z","advisories":[],"bugzilla":"2451938","bugzilla_description":"Grafana OSS: Grafana OSS: Authorization bypass allows modification of protected webhook URLs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-266","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-21724.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-33375","severity":"moderate","public_date":"2026-03-26T20:05:52Z","advisories":[],"bugzilla":"2451939","bugzilla_description":"Grafana MSSQL Data Source Plugin: Grafana MSSQL Data Source Plugin: Denial of Service via Out-Of-Memory exhaustion","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33375.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-33536","severity":"moderate","public_date":"2026-03-26T19:57:53Z","advisories":[],"bugzilla":"2451849","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service via out-of-bounds write","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-823","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33536.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.0"},{"CVE":"CVE-2026-33535","severity":"low","public_date":"2026-03-26T19:52:30Z","advisories":[],"bugzilla":"2451855","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service via out-of-bounds write in X11 display interaction path","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33535.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"4.0"},{"CVE":"CVE-2026-33532","severity":"moderate","public_date":"2026-03-26T19:49:03Z","advisories":[],"bugzilla":"2451858","bugzilla_description":"yaml: yaml: Denial of Service via deeply nested YAML document parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-606","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33532.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-32287","severity":"moderate","public_date":"2026-03-26T19:40:52Z","advisories":[],"bugzilla":"2451856","bugzilla_description":"github.com/antchfx/xpath: github.com/antchfx/xpath: Denial of Service due to infinite loop via boolean XPath expressions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-606","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32287.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.2"},{"CVE":"CVE-2026-32285","severity":"important","public_date":"2026-03-26T19:40:51Z","advisories":[],"bugzilla":"2451846","bugzilla_description":"github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32285.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-32286","severity":"important","public_date":"2026-03-26T19:40:51Z","advisories":[],"bugzilla":"2451847","bugzilla_description":"github.com/jackc/pgproto3/v2: github.com/jackc/pgproto3/v2: Denial of Service via malicious PostgreSQL server","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32286.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-32284","severity":"moderate","public_date":"2026-03-26T19:40:51Z","advisories":[],"bugzilla":"2451851","bugzilla_description":"github.com/shamaton/msgpack: msgpack: Denial of Service via truncated fixext data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32284.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-4923","severity":"moderate","public_date":"2026-03-26T19:02:00Z","advisories":[],"bugzilla":"2451860","bugzilla_description":"path-to-regexp: path-to-regexp: Denial of Service via specially crafted paths with multiple wildcards","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4923.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-4926","severity":"important","public_date":"2026-03-26T18:59:38Z","advisories":[],"bugzilla":"2451867","bugzilla_description":"path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4926.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33490","severity":"moderate","public_date":"2026-03-26T17:19:15Z","advisories":[],"bugzilla":"2451798","bugzilla_description":"h3: H3: Information disclosure due to incorrect path prefix validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33490.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-33487","severity":"important","public_date":"2026-03-26T17:17:51Z","advisories":[],"bugzilla":"2451814","bugzilla_description":"github.com/russellhaering/goxmldsig: goxmlsig: Integrity bypass due to incorrect XML Digital Signature validation via loop variable capture issue","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33487.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-33636","severity":"moderate","public_date":"2026-03-26T16:51:58Z","advisories":[],"bugzilla":"2451819","bugzilla_description":"libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-124","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33636.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","cvss3_score":"7.6"},{"CVE":"CVE-2026-33416","severity":"moderate","public_date":"2026-03-26T16:48:54Z","advisories":[],"bugzilla":"2451805","bugzilla_description":"libpng: libpng: Arbitrary code execution due to use-after-free vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33416.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4867","severity":"moderate","public_date":"2026-03-26T16:16:25Z","advisories":[],"bugzilla":"2451783","bugzilla_description":"path-to-regexp: path-to-regexp: Denial of Service via catastrophic backtracking from malformed URL parameters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4867.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-33413","severity":"moderate","public_date":"2026-03-26T13:36:10Z","advisories":[],"bugzilla":"2451728","bugzilla_description":"etcd: etcd: Authorization bypass allows information disclosure and denial of service","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-306","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33413.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H","cvss3_score":"7.7"},{"CVE":"CVE-2026-33343","severity":"moderate","public_date":"2026-03-26T13:23:48Z","advisories":[],"bugzilla":"2451727","bugzilla_description":"etcd: etcd: Authorization bypass allows information disclosure via nested transactions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-639","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33343.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-4897","severity":"moderate","public_date":"2026-03-26T12:34:00Z","advisories":[],"bugzilla":"2451739","bugzilla_description":"polkit: Polkit: Denial of Service via unbounded input processing through standard input","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4897.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-1961","severity":"important","public_date":"2026-03-26T12:30:45Z","advisories":["RHSA-2026:5968","RHSA-2026:5971","RHSA-2026:5970"],"bugzilla":"2437036","bugzilla_description":"forman: Foreman: Remote Code Execution via command injection in WebSocket proxy","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":["foreman-0:3.14.0.14-1.el9sat","foreman-0:3.16.0.12-1.el9sat","rubygem-katello-0:4.16.0.14-1.el9sat","rubygem-fog-kubevirt-0:1.5.1-1.el9sat","python-pulp-container-0:2.22.3-1.el9pc","python-pulp-rpm-0:3.27.10-2.el9pc","python-django-0:4.2.28-0.1.el9pc","rubygem-rubyipmi-0:0.13.0-1.el9sat","satellite-0:6.17.7-1.el9sat","foreman-0:3.12.0.14-1.el9sat","libcomps-0:0.1.23-0.3.el9pc","foreman-0:3.12.0.14-1.el8sat","python-brotli-0:1.2.0-0.1.el9pc","rubygem-foreman_kubevirt-0:0.4.3-1.el9sat","yggdrasil-worker-forwarder-0:0.0.3-4.el9sat"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1961.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.0"},{"CVE":"CVE-2026-4887","severity":"moderate","public_date":"2026-03-26T11:35:00Z","advisories":[],"bugzilla":"2451669","bugzilla_description":"gimp: GIMP:Memory disclosure and denial of service via specially crafted PCX image","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-193","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4887.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"6.1"},{"CVE":"CVE-2026-23397","severity":"moderate","public_date":"2026-03-26T10:22:49Z","advisories":[],"bugzilla":"2451664","bugzilla_description":"Linux kernel: nfnetlink_osf: Linux kernel: Denial of Service in nfnetlink_osf via crafted network packets","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-130","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23397.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"4.4"},{"CVE":"CVE-2026-4874","severity":"low","public_date":"2026-03-26T05:56:03Z","advisories":[],"bugzilla":"2451611","bugzilla_description":"org.keycloak.protocol.oidc.grants: org.keycloak.services.managers: Keycloak: Server-Side Request Forgery via OIDC token endpoint manipulation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4874.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"3.1"},{"CVE":"CVE-2026-33526","severity":"important","public_date":"2026-03-26T00:16:12Z","advisories":["RHSA-2026:6301"],"bugzilla":"2451574","bugzilla_description":"squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":["squid-7:5.5-22.el9_7.4"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33526.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33515","severity":"moderate","public_date":"2026-03-26T00:13:51Z","advisories":[],"bugzilla":"2451581","bugzilla_description":"Squid: Squid: Information disclosure via improper input validation in ICP traffic","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33515.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-32748","severity":"important","public_date":"2026-03-26T00:11:01Z","advisories":["RHSA-2026:6301"],"bugzilla":"2451577","bugzilla_description":"Squid: Squid: Denial of Service via crafted ICP traffic","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-826","affected_packages":["squid-7:5.5-22.el9_7.4"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32748.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-23396","severity":null,"public_date":"2026-03-26T00:00:00Z","advisories":[],"bugzilla":"2451661","bugzilla_description":"kernel: wifi: mac80211: fix NULL deref in mesh_matches_local()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23396.json"},{"CVE":"CVE-2026-23398","severity":"moderate","public_date":"2026-03-26T00:00:00Z","advisories":[],"bugzilla":"2451662","bugzilla_description":"kernel: icmp: fix NULL pointer dereference in icmp_tag_validation()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23398.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.2"},{"CVE":"CVE-2026-29976","severity":"low","public_date":"2026-03-26T00:00:00Z","advisories":[],"bugzilla":"2451745","bugzilla_description":"hcxpcapngtool: hcxtools: ZerBea hcxpcapngtool: Information disclosure via buffer overflow in getradiotapfield() function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29976.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","cvss3_score":"2.8"},{"CVE":"CVE-2026-30892","severity":"moderate","public_date":"2026-03-25T23:57:01Z","advisories":["RHSA-2026:6621","RHSA-2026:6622"],"bugzilla":"2451576","bugzilla_description":"crun: crun: Privilege escalation due to incorrect parsing of the `--user` option","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-115","affected_packages":["crun-0:1.27-1.el10_1","crun-0:1.27-1.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30892.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-33249","severity":"moderate","public_date":"2026-03-25T20:21:30Z","advisories":[],"bugzilla":"2451485","bugzilla_description":"github.com/nats-io/nats-server: NATS-Server: Unauthorized trace message redirection via message tracing headers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1220","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33249.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"6.4"},{"CVE":"CVE-2026-33223","severity":"moderate","public_date":"2026-03-25T20:20:00Z","advisories":[],"bugzilla":"2451479","bugzilla_description":"nats-server: github.com/nats-io/nats-server: NATS-Server: Identity spoofing via `Nats-Request-Info:` header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-807","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33223.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"6.4"},{"CVE":"CVE-2026-33248","severity":"moderate","public_date":"2026-03-25T20:18:28Z","advisories":[],"bugzilla":"2451484","bugzilla_description":"github.com/nats-io/nats-server: nats: NATS-Server: Authentication bypass due to incorrect Subject DN matching during mTLS client identity verification","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-289","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33248.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-33222","severity":"moderate","public_date":"2026-03-25T20:10:51Z","advisories":[],"bugzilla":"2451480","bugzilla_description":"nats-server: NATS-Server: Unauthorized data modification via JetStream stream restore","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-639","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33222.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"4.9"},{"CVE":"CVE-2026-33247","severity":"important","public_date":"2026-03-25T20:02:18Z","advisories":[],"bugzilla":"2451486","bugzilla_description":"github.com/nats-io/nats-server: NATS-Server: Information disclosure of credentials via monitoring port and command-line arguments","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-214","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33247.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-33219","severity":"important","public_date":"2026-03-25T19:55:28Z","advisories":[],"bugzilla":"2451445","bugzilla_description":"github.com/nats-io/nats-server: NATS-Server: Denial of Service via unbounded memory use in WebSockets","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33219.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33218","severity":"important","public_date":"2026-03-25T19:53:12Z","advisories":[],"bugzilla":"2451450","bugzilla_description":"nats-server: github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed message pre-authentication on leafnode port","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33218.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33246","severity":"moderate","public_date":"2026-03-25T19:50:03Z","advisories":[],"bugzilla":"2451449","bugzilla_description":"nats-server: nats: github.com/nats-io/nats-server: NATS-Server: Client identity spoofing via Nats-Request-Info header manipulation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-290","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33246.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"6.4"},{"CVE":"CVE-2026-33217","severity":"important","public_date":"2026-03-25T19:43:40Z","advisories":[],"bugzilla":"2451446","bugzilla_description":"nats-server: github.com/nats-io/nats-server: NATS-Server: Access control bypass via unapplied ACLs in MQTT namespace","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-425","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33217.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-33216","severity":"important","public_date":"2026-03-25T19:41:55Z","advisories":[],"bugzilla":"2451448","bugzilla_description":"nats-server: github.com/nats-io/nats-server: NATS-Server: Information disclosure of MQTT passwords through monitoring endpoints","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-213","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33216.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"8.6"},{"CVE":"CVE-2026-29785","severity":"important","public_date":"2026-03-25T19:38:44Z","advisories":[],"bugzilla":"2451444","bugzilla_description":"github.com/nats-io/nats-server: NATS-Server: Denial of Service via leafnode compression","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-409","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29785.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-27889","severity":"important","public_date":"2026-03-25T19:36:36Z","advisories":[],"bugzilla":"2451447","bugzilla_description":"github.com/nats-io/nats-server: NATS-Server: Denial of Service via malformed WebSockets frame","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27889.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33809","severity":"moderate","public_date":"2026-03-25T18:24:04Z","advisories":[],"bugzilla":"2451437","bugzilla_description":"golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33809.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-1001","severity":"low","public_date":"2026-03-25T18:12:52Z","advisories":[],"bugzilla":"2451432","bugzilla_description":"Domoticz: Domoticz: Arbitrary script execution via stored cross-site scripting in web interface","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1001.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-25645","severity":"moderate","public_date":"2026-03-25T17:02:48Z","advisories":[],"bugzilla":"2451408","bugzilla_description":"requests: Requests: Security bypass due to predictable temporary file creation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-379","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25645.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"4.7"},{"CVE":"CVE-2026-34085","severity":"moderate","public_date":"2026-03-25T16:54:37Z","advisories":[],"bugzilla":"2451414","bugzilla_description":"fontconfig: Fontconfig: Security flaw allows arbitrary code execution or system crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-193","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34085.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H","cvss3_score":"6.6"},{"CVE":"CVE-2026-3591","severity":"moderate","public_date":"2026-03-25T13:34:14Z","advisories":[],"bugzilla":"2451298","bugzilla_description":"bind: BIND: Unauthorized access due to use-after-return vulnerability in DNS query handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3591.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-3119","severity":"moderate","public_date":"2026-03-25T13:31:54Z","advisories":[],"bugzilla":"2451308","bugzilla_description":"bind: BIND: Denial of Service via authenticated TKEY queries","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-237","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3119.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-3104","severity":"important","public_date":"2026-03-25T13:29:19Z","advisories":[],"bugzilla":"2451310","bugzilla_description":"bind: BIND: Denial of Service via specially crafted domain query causing a memory leak","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3104.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-1519","severity":"important","public_date":"2026-03-25T13:25:19Z","advisories":[],"bugzilla":"2451305","bugzilla_description":"bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1519.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-3608","severity":"important","public_date":"2026-03-25T08:46:48Z","advisories":[],"bugzilla":"2451139","bugzilla_description":"Kea: Kea: Denial of Service via maliciously crafted message","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-617","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3608.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-23367","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":null,"bugzilla_description":null,"cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23367.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23321","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451159","bugzilla_description":"kernel: mptcp: pm: in-kernel: always mark signal+subflow endp as used","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23321.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23395","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451160","bugzilla_description":"kernel: Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23395.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H","cvss3_score":"6.3"},{"CVE":"CVE-2026-23371","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451161","bugzilla_description":"kernel: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-372","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23371.json"},{"CVE":"CVE-2026-23320","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451162","bugzilla_description":"kernel: usb: gadget: f_ncm: align net_device lifecycle with bind/unbind","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23320.json"},{"CVE":"CVE-2026-23363","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451163","bugzilla_description":"kernel: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23363.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23353","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451164","bugzilla_description":"kernel: ice: fix crash in ethtool offline loopback test","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23353.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23374","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451165","bugzilla_description":"kernel: blktrace: fix __this_cpu_read/write in preemptible context","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-820","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23374.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23350","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451166","bugzilla_description":"kernel: drm/xe/queue: Call fini on exec queue creation fail","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23350.json"},{"CVE":"CVE-2026-23364","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451167","bugzilla_description":"kernel: ksmbd: Compare MACs in constant time","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-208","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23364.json"},{"CVE":"CVE-2026-23285","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451168","bugzilla_description":"kernel: drbd: fix null-pointer dereference on local read error","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23285.json"},{"CVE":"CVE-2026-23279","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451170","bugzilla_description":"kernel: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23279.json"},{"CVE":"CVE-2026-23390","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451171","bugzilla_description":"kernel: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23390.json"},{"CVE":"CVE-2026-23286","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451172","bugzilla_description":"kernel: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23286.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23347","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451173","bugzilla_description":"kernel: can: usb: f81604: correctly anchor the urb in the read bulk callback","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-771","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23347.json"},{"CVE":"CVE-2026-23296","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451174","bugzilla_description":"kernel: scsi: core: Fix refcount leak for tagset_refcnt","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23296.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23368","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451175","bugzilla_description":"kernel: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-833","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23368.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23284","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451176","bugzilla_description":"kernel: net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23284.json"},{"CVE":"CVE-2026-23315","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451177","bugzilla_description":"kernel: wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23315.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23352","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451178","bugzilla_description":"kernel: x86/efi: defer freeing of boot services memory","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-763","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23352.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23290","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451179","bugzilla_description":"kernel: net: usb: pegasus: validate USB endpoints","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-909","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23290.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23340","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451180","bugzilla_description":"kernel: net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23340.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23294","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451181","bugzilla_description":"kernel: bpf: Fix race in devmap on PREEMPT_RT","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23294.json"},{"CVE":"CVE-2026-23341","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451182","bugzilla_description":"kernel: accel/amdxdna: Fix crash when destroying a suspended hardware context","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23341.json"},{"CVE":"CVE-2026-23385","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451183","bugzilla_description":"kernel: netfilter: nf_tables: clone set on flush only","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23385.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23344","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451184","bugzilla_description":"kernel: crypto: ccp - Fix use-after-free on error path","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23344.json"},{"CVE":"CVE-2026-23292","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451185","bugzilla_description":"kernel: scsi: target: Fix recursive locking in __configfs_open_file()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-764","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23292.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23291","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451186","bugzilla_description":"kernel: nfc: pn533: properly drop the usb interface reference on disconnect","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23291.json"},{"CVE":"CVE-2026-23310","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451187","bugzilla_description":"kernel: bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1288","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23310.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23317","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451188","bugzilla_description":"kernel: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-390","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23317.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:L","cvss3_score":"5.8"},{"CVE":"CVE-2026-23318","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451189","bugzilla_description":"kernel: ALSA: usb-audio: Use correct version for UAC3 header validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23318.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","cvss3_score":"6.6"},{"CVE":"CVE-2026-23331","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451190","bugzilla_description":"kernel: udp: Unhash auto-bound connected sk from 4-tuple hash table when disconnected","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23331.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23293","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451191","bugzilla_description":"kernel: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23293.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23304","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451192","bugzilla_description":"kernel: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23304.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23308","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451193","bugzilla_description":"kernel: pinctrl: equilibrium: fix warning trace on load","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-779","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23308.json"},{"CVE":"CVE-2026-23305","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451194","bugzilla_description":"kernel: accel/rocket: fix unwinding in error path in rocket_probe","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23305.json"},{"CVE":"CVE-2026-23307","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451195","bugzilla_description":"kernel: can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23307.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23356","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451196","bugzilla_description":"kernel: drbd: fix \"LOGIC BUG\" in drbd_al_begin_io_nonblock()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-413","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23356.json"},{"CVE":"CVE-2026-23280","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451197","bugzilla_description":"kernel: accel/amdxdna: Prevent ubuf size overflow","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23280.json"},{"CVE":"CVE-2026-23360","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451198","bugzilla_description":"kernel: nvme: fix admin queue leak on controller reset","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23360.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23375","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451199","bugzilla_description":"kernel: mm: thp: deny THP for files on anonymous inodes","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23375.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-23302","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451200","bugzilla_description":"kernel: net: annotate data-races around sk->sk_{data_ready,write_space}","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-366","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23302.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23394","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451201","bugzilla_description":"kernel: af_unix: Give up GC if MSG_PEEK intervened","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23394.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23359","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451202","bugzilla_description":"kernel: bpf: Fix stack-out-of-bounds write in devmap","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23359.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23319","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451203","bugzilla_description":"kernel: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23319.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2026-23299","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451204","bugzilla_description":"kernel: Bluetooth: purge error queues in socket destructors","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23299.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23329","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451205","bugzilla_description":"kernel: libie: don't unroll if fwlog isn't supported","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-371","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23329.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23383","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451206","bugzilla_description":"kernel: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-468","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23383.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2026-23295","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451207","bugzilla_description":"kernel: accel/amdxdna: Fix dead lock for suspend and resume","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-413","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23295.json"},{"CVE":"CVE-2026-23311","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451208","bugzilla_description":"kernel: perf/core: Fix invalid wait context in ctx_sched_in()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-413","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23311.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23332","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451209","bugzilla_description":"kernel: cpufreq: intel_pstate: Fix crash during turbo disable","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23332.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23361","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451210","bugzilla_description":"kernel: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23361.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23314","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451211","bugzilla_description":"kernel: regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23314.json"},{"CVE":"CVE-2026-23388","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451212","bugzilla_description":"kernel: Squashfs: check metadata block offset is within range","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23388.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H","cvss3_score":"6.6"},{"CVE":"CVE-2026-23325","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451213","bugzilla_description":"kernel: wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23325.json"},{"CVE":"CVE-2026-23324","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451214","bugzilla_description":"kernel: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23324.json"},{"CVE":"CVE-2026-23326","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451215","bugzilla_description":"kernel: xsk: Fix fragment node deletion to prevent buffer leak","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-909","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23326.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23323","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451216","bugzilla_description":"kernel: hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23323.json"},{"CVE":"CVE-2026-23303","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451217","bugzilla_description":"kernel: smb: client: Don't log plaintext credentials in cifs_set_cifscreds","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-256","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23303.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23392","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451218","bugzilla_description":"kernel: netfilter: nf_tables: release flowtable after rcu grace period on error","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23392.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-23334","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451219","bugzilla_description":"kernel: can: usb: f81604: handle short interrupt urb messages properly","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23334.json"},{"CVE":"CVE-2026-23381","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451220","bugzilla_description":"kernel: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23381.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23301","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451221","bugzilla_description":"kernel: ASoC: SDCA: Add allocation failure check for Entity name","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-252","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23301.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23313","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451223","bugzilla_description":"kernel: i40e: Fix preempt count leak in napi poll tracepoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23313.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23358","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451224","bugzilla_description":"kernel: drm/amdgpu: Fix error handling in slot reset","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23358.json"},{"CVE":"CVE-2026-23370","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451225","bugzilla_description":"kernel: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-256","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23370.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"4.4"},{"CVE":"CVE-2026-23297","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451226","bugzilla_description":"kernel: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23297.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23298","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451227","bugzilla_description":"kernel: can: ucan: Fix infinite loop from zero-length messages","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-606","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23298.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23312","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451228","bugzilla_description":"kernel: net: usb: kaweth: validate USB endpoints","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1288","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23312.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23387","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451229","bugzilla_description":"kernel: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1341","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23387.json"},{"CVE":"CVE-2026-23309","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451230","bugzilla_description":"kernel: tracing: Add NULL pointer check to trigger_data_free()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23309.json"},{"CVE":"CVE-2026-23338","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451231","bugzilla_description":"kernel: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23338.json"},{"CVE":"CVE-2026-23354","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451232","bugzilla_description":"kernel: x86/fred: Correct speculative safety in fred_extint()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1037","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23354.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23345","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451233","bugzilla_description":"kernel: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-386","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23345.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23369","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451235","bugzilla_description":"kernel: i2c: i801: Revert \"i2c: i801: replace acpi_lock with I2C bus lock\"","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23369.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23346","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451236","bugzilla_description":"kernel: arm64: io: Extract user memory type in ioremap_prot()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-843","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23346.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23343","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451237","bugzilla_description":"kernel: xdp: produce a warning when calculated tailroom is negative","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23343.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23365","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451238","bugzilla_description":"kernel: net: usb: kalmia: validate USB endpoints","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23365.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23281","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451239","bugzilla_description":"kernel: wifi: libertas: fix use-after-free in lbs_free_adapter()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-821","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23281.json"},{"CVE":"CVE-2026-23306","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451240","bugzilla_description":"kernel: scsi: pm8001: Fix use-after-free in pm8001_queue_command()","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23306.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23342","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451241","bugzilla_description":"kernel: bpf: Fix race in cpumap on PREEMPT_RT","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23342.json"},{"CVE":"CVE-2026-23335","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451242","bugzilla_description":"kernel: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-908","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23335.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23333","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451243","bugzilla_description":"kernel: netfilter: nft_set_rbtree: validate open interval overlap","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1288","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23333.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23373","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451244","bugzilla_description":"kernel: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-909","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23373.json"},{"CVE":"CVE-2026-23349","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451245","bugzilla_description":"kernel: HID: pidff: Fix condition effect bit clearing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23349.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23282","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451246","bugzilla_description":"kernel: smb: client: fix oops due to uninitialised var in smb2_unlink()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23282.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23379","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451247","bugzilla_description":"kernel: net/sched: ets: fix divide by zero in the offload path","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23379.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23384","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451248","bugzilla_description":"kernel: RDMA/ionic: Fix kernel stack leak in ionic_create_cq()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-908","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23384.json"},{"CVE":"CVE-2026-23355","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451249","bugzilla_description":"kernel: ata: libata: cancel pending work after clearing deferred_qc","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-459","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23355.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23300","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451250","bugzilla_description":"kernel: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-909","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23300.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23328","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451251","bugzilla_description":"kernel: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23328.json"},{"CVE":"CVE-2026-23382","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451252","bugzilla_description":"kernel: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-414","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23382.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23289","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451253","bugzilla_description":"kernel: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23289.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23351","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451254","bugzilla_description":"kernel: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23351.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23336","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451255","bugzilla_description":"kernel: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23336.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23362","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451256","bugzilla_description":"kernel: can: bcm: fix locking for bcm_op runtime updates","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-909","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23362.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23366","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451257","bugzilla_description":"kernel: drm/client: Do not destroy NULL modes","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23366.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23316","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451258","bugzilla_description":"kernel: net: ipv4: fix ARM64 alignment fault in multipath hash seed","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-468","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23316.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23348","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451259","bugzilla_description":"kernel: cxl: Fix race of nvdimm_bus object when creating nvdimm objects","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-820","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23348.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23393","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451260","bugzilla_description":"kernel: bridge: cfm: Fix race condition in peer_mep deletion","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23393.json"},{"CVE":"CVE-2026-23377","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451261","bugzilla_description":"kernel: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23377.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23372","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451262","bugzilla_description":"kernel: nfc: rawsock: cancel tx_work before socket teardown","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23372.json"},{"CVE":"CVE-2026-23389","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451263","bugzilla_description":"kernel: ice: Fix memory leak in ice_set_ringparam()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-763","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23389.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23283","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451264","bugzilla_description":"kernel: regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23283.json"},{"CVE":"CVE-2026-23357","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451265","bugzilla_description":"kernel: can: mcp251x: fix deadlock in error path of mcp251x_open","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-833","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23357.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23380","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451266","bugzilla_description":"kernel: tracing: Fix WARN_ON in tracing_buffers_mmap_close","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23380.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23376","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451267","bugzilla_description":"kernel: nvmet-fcloop: Check remoteport port_state before calling done callback","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-414","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23376.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23339","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451268","bugzilla_description":"kernel: nfc: nci: free skb on nci_transceive early error paths","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23339.json"},{"CVE":"CVE-2026-23391","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451269","bugzilla_description":"kernel: netfilter: xt_CT: drop pending enqueued packets on template removal","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23391.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-31788","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451270","bugzilla_description":"kernel: xen/privcmd: restrict usage in unprivileged domU","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-266","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31788.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.7"},{"CVE":"CVE-2026-23378","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451271","bugzilla_description":"kernel: net/sched: act_ife: Fix metalist update behavior","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23378.json"},{"CVE":"CVE-2026-23386","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451273","bugzilla_description":"kernel: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23386.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23288","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451274","bugzilla_description":"kernel: accel/amdxdna: Fix out-of-bounds memset in command slot handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23288.json"},{"CVE":"CVE-2026-23337","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451275","bugzilla_description":"kernel: pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23337.json"},{"CVE":"CVE-2026-23330","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451276","bugzilla_description":"kernel: nfc: nci: complete pending data exchange on device close","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23330.json"},{"CVE":"CVE-2026-23287","severity":"low","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451277","bugzilla_description":"kernel: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23287.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23322","severity":null,"public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451278","bugzilla_description":"kernel: ipmi: Fix use-after-free and list corruption on sender error","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23322.json"},{"CVE":"CVE-2026-23327","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451279","bugzilla_description":"kernel: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed()","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23327.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-30587","severity":"moderate","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451404","bugzilla_description":"Seafile Server: Seadoc editor: seahub: seadoc-editor: Seafile Server: Arbitrary client-side code execution via Stored Cross-Site Scripting in Seadoc editor","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30587.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N","cvss3_score":"6.3"},{"CVE":"CVE-2025-67030","severity":"important","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451409","bugzilla_description":"org.codehaus.plexus:plexus-utils: Plexus-utils: Directory Traversal in extractFile method","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67030.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","cvss3_score":"8.3"},{"CVE":"CVE-2025-70888","severity":"critical","public_date":"2026-03-25T00:00:00Z","advisories":[],"bugzilla":"2451443","bugzilla_description":"osslsigncode: Osslsigncode: Remote privilege escalation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-266","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-70888.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"10.0"},{"CVE":"CVE-2026-33215","severity":"moderate","public_date":"2026-03-24T20:55:53Z","advisories":[],"bugzilla":"2451021","bugzilla_description":"nats-server: NATS-Server: Session and message hijacking via MQTT Client ID malfeasance","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-290","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33215.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L","cvss3_score":"6.5"},{"CVE":"CVE-2026-4371","severity":"important","public_date":"2026-03-24T20:27:15Z","advisories":["RHSA-2026:6917","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2451001","bugzilla_description":"thunderbird: Out of bounds read in IMAP parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-130","affected_packages":["thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4371.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-3889","severity":"low","public_date":"2026-03-24T20:27:14Z","advisories":["RHSA-2026:6917","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2451006","bugzilla_description":"thunderbird: Spoofing issue in Thunderbird","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-20","affected_packages":["thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3889.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-33412","severity":"important","public_date":"2026-03-24T19:43:07Z","advisories":["RHSA-2026:6915","RHSA-2026:6617","RHSA-2026:6729","RHSA-2026:6619","RHSA-2026:6539","RHSA-2026:6725","RHSA-2026:6736","RHSA-2026:6731","RHSA-2026:6730","RHSA-2026:6620","RHSA-2026:6502","RHSA-2026:6540"],"bugzilla":"2450907","bugzilla_description":"vim: Vim: Arbitrary code execution via command injection in glob() function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":["vim-2:7.4.629-8.el7_9.1","vim-2:8.2.2637-20.el9_2.1","vim-2:8.0.1763-13.el8_2.1","vim-2:8.0.1763-19.el8_6.5","vim-2:8.0.1763-20.el8_8.1","vim-2:8.0.1763-15.el8_4.1","vim-2:8.2.2637-16.el9_0.4","vim-2:9.1.083-5.el10_0.2","vim-2:7.4.629-5.el6_10.3","vim-2:8.2.2637-20.el9_4.2","vim-2:8.0.1763-22.el8_10.1","vim-2:8.2.2637-22.el9_6.2"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33412.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.3"},{"CVE":"CVE-2026-33349","severity":"moderate","public_date":"2026-03-24T19:35:47Z","advisories":[],"bugzilla":"2450909","bugzilla_description":"fast-xml-parser: fast-xml-parser: Denial of Service via unbounded entity expansion due to incorrect configuration limit handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33349.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-32948","severity":"moderate","public_date":"2026-03-24T18:48:30Z","advisories":[],"bugzilla":"2450890","bugzilla_description":"org.scala-sbt/sbt: sbt: Arbitrary command execution via unvalidated URI fragments on Windows","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32948.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N","cvss3_score":"5.7"},{"CVE":"CVE-2026-32647","severity":"important","public_date":"2026-03-24T18:00:00Z","advisories":["RHSA-2026:6906","RHSA-2026:6923","RHSA-2026:7002","RHSA-2026:6907"],"bugzilla":"2449598","bugzilla_description":"nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":["nginx-2:1.26.3-2.el10_1.1","nginx-2:1.20.1-24.el9_7.2","nginx:1.24-8100020260401080144.489197e6","nginx:1.24-9070020260331134728.9"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32647.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-32854","severity":"moderate","public_date":"2026-03-24T17:31:32Z","advisories":[],"bugzilla":"2450845","bugzilla_description":"LibVNCServer: LibVNCServer: Denial of Service via specially crafted HTTP requests","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32854.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-32853","severity":"moderate","public_date":"2026-03-24T17:30:40Z","advisories":[],"bugzilla":"2450843","bugzilla_description":"LibVNCServer: LibVNCServer: Information disclosure or Denial of Service via heap out-of-bounds read in UltraZip encoding","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32853.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L","cvss3_score":"5.4"},{"CVE":"CVE-2026-4775","severity":"important","public_date":"2026-03-24T14:33:35Z","advisories":[],"bugzilla":"2450768","bugzilla_description":"libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4775.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-27651","severity":"important","public_date":"2026-03-24T14:13:27Z","advisories":["RHSA-2026:6906","RHSA-2026:6923","RHSA-2026:7002","RHSA-2026:6907"],"bugzilla":"2450791","bugzilla_description":"NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":["nginx-2:1.26.3-2.el10_1.1","nginx-2:1.20.1-24.el9_7.2","nginx:1.24-8100020260401080144.489197e6","nginx:1.24-9070020260331134728.9"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27651.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-27654","severity":"important","public_date":"2026-03-24T14:13:26Z","advisories":["RHSA-2026:6906","RHSA-2026:6923","RHSA-2026:7002","RHSA-2026:6907"],"bugzilla":"2450776","bugzilla_description":"NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["nginx-2:1.26.3-2.el10_1.1","nginx-2:1.20.1-24.el9_7.2","nginx:1.24-8100020260401080144.489197e6","nginx:1.24-9070020260331134728.9"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27654.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-28755","severity":"moderate","public_date":"2026-03-24T14:13:26Z","advisories":[],"bugzilla":"2450779","bugzilla_description":"NGINX: NGINX: Certificate revocation bypass when OCSP is enabled","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-295","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28755.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-28753","severity":"low","public_date":"2026-03-24T14:13:26Z","advisories":[],"bugzilla":"2450780","bugzilla_description":"NGINX: NGINX Plus: NGINX Open Source: NGINX Plus and NGINX Open Source: Request manipulation via header injection in SMTP upstream requests","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-93","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28753.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"3.7"},{"CVE":"CVE-2026-27784","severity":"important","public_date":"2026-03-24T14:13:25Z","advisories":["RHSA-2026:6906","RHSA-2026:6923","RHSA-2026:7002","RHSA-2026:6907"],"bugzilla":"2450785","bugzilla_description":"NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":["nginx-2:1.26.3-2.el10_1.1","nginx-2:1.20.1-24.el9_7.2","nginx:1.24-8100020260401080144.489197e6","nginx:1.24-9070020260331134728.9"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27784.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4721","severity":"important","public_date":"2026-03-24T12:30:44Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450711","bugzilla_description":"firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4721.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4729","severity":"important","public_date":"2026-03-24T12:30:43Z","advisories":[],"bugzilla":"2450745","bugzilla_description":"firefox: Memory safety bugs fixed in Firefox 149 and Thunderbird 149","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4729.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4720","severity":"important","public_date":"2026-03-24T12:30:43Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450751","bugzilla_description":"firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4720.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4718","severity":"low","public_date":"2026-03-24T12:30:42Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450742","bugzilla_description":"firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-475","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4718.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3_score":"3.4"},{"CVE":"CVE-2026-4719","severity":"low","public_date":"2026-03-24T12:30:42Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450746","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4719.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3_score":"3.4"},{"CVE":"CVE-2026-4728","severity":"low","public_date":"2026-03-24T12:30:41Z","advisories":[],"bugzilla":"2450717","bugzilla_description":"firefox: Spoofing issue in the Privacy: Anti-Tracking component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-290","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4728.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3_score":"3.4"},{"CVE":"CVE-2026-4727","severity":"low","public_date":"2026-03-24T12:30:41Z","advisories":[],"bugzilla":"2450753","bugzilla_description":"firefox: Denial-of-service in the Libraries component in NSS","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4727.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3_score":"3.4"},{"CVE":"CVE-2026-4717","severity":"moderate","public_date":"2026-03-24T12:30:40Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450712","bugzilla_description":"firefox: thunderbird: Privilege escalation in the Netmonitor component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-266","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4717.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4726","severity":"low","public_date":"2026-03-24T12:30:40Z","advisories":[],"bugzilla":"2450731","bugzilla_description":"firefox: Denial-of-service in the XML component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-776","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4726.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N","cvss3_score":"3.4"},{"CVE":"CVE-2026-4716","severity":"moderate","public_date":"2026-03-24T12:30:39Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450720","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4716.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4715","severity":"moderate","public_date":"2026-03-24T12:30:38Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450723","bugzilla_description":"firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4715.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-4714","severity":"moderate","public_date":"2026-03-24T12:30:38Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450725","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4714.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-4712","severity":"moderate","public_date":"2026-03-24T12:30:37Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450728","bugzilla_description":"firefox: thunderbird: Information disclosure in the Widget: Cocoa component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-359","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4712.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-4713","severity":"moderate","public_date":"2026-03-24T12:30:37Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450730","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Graphics component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4713.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4725","severity":"moderate","public_date":"2026-03-24T12:30:36Z","advisories":[],"bugzilla":"2450716","bugzilla_description":"firefox: Sandbox escape due to use-after-free in the Graphics: Canvas2D component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4725.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4711","severity":"moderate","public_date":"2026-03-24T12:30:36Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450733","bugzilla_description":"firefox: thunderbird: Use-after-free in the Widget: Cocoa component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4711.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4709","severity":"moderate","public_date":"2026-03-24T12:30:35Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450726","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4709.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4710","severity":"moderate","public_date":"2026-03-24T12:30:35Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450727","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4710.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4708","severity":"moderate","public_date":"2026-03-24T12:30:34Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450735","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Graphics component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4708.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4706","severity":"moderate","public_date":"2026-03-24T12:30:33Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450714","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4706.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4707","severity":"moderate","public_date":"2026-03-24T12:30:33Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450755","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-823","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4707.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4705","severity":"moderate","public_date":"2026-03-24T12:30:32Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450722","bugzilla_description":"firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-475","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4705.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-4704","severity":"moderate","public_date":"2026-03-24T12:30:32Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450756","bugzilla_description":"firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4704.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4723","severity":"moderate","public_date":"2026-03-24T12:30:31Z","advisories":[],"bugzilla":"2450743","bugzilla_description":"firefox: Use-after-free in the JavaScript Engine component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4723.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4724","severity":"moderate","public_date":"2026-03-24T12:30:31Z","advisories":[],"bugzilla":"2450749","bugzilla_description":"firefox: Undefined behavior in the Audio/Video component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-475","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4724.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4722","severity":"moderate","public_date":"2026-03-24T12:30:30Z","advisories":[],"bugzilla":"2450737","bugzilla_description":"firefox: Privilege escalation in the IPC component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-270","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4722.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4702","severity":"moderate","public_date":"2026-03-24T12:30:30Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450744","bugzilla_description":"firefox: thunderbird: JIT miscompilation in the JavaScript Engine component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-733","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4702.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4701","severity":"moderate","public_date":"2026-03-24T12:30:29Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450710","bugzilla_description":"firefox: thunderbird: Use-after-free in the JavaScript Engine component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4701.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4699","severity":"important","public_date":"2026-03-24T12:30:28Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450739","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4699.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4700","severity":"important","public_date":"2026-03-24T12:30:28Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450752","bugzilla_description":"firefox: thunderbird: Mitigation bypass in the Networking: HTTP component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-444","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4700.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4698","severity":"important","public_date":"2026-03-24T12:30:27Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450719","bugzilla_description":"firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-733","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4698.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4697","severity":"important","public_date":"2026-03-24T12:30:27Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450729","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4697.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4695","severity":"important","public_date":"2026-03-24T12:30:26Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450715","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4695.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4696","severity":"important","public_date":"2026-03-24T12:30:26Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450740","bugzilla_description":"firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4696.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4693","severity":"important","public_date":"2026-03-24T12:30:25Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450741","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-823","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4693.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4694","severity":"important","public_date":"2026-03-24T12:30:25Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450747","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4694.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4691","severity":"important","public_date":"2026-03-24T12:30:24Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450738","bugzilla_description":"firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4691.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4692","severity":"important","public_date":"2026-03-24T12:30:24Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450748","bugzilla_description":"firefox: thunderbird: Sandbox escape in the Responsive Design Mode component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-653","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4692.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4689","severity":"important","public_date":"2026-03-24T12:30:23Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450718","bugzilla_description":"firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4689.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4690","severity":"important","public_date":"2026-03-24T12:30:23Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450732","bugzilla_description":"firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4690.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4688","severity":"important","public_date":"2026-03-24T12:30:22Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450713","bugzilla_description":"firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4688.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4687","severity":"important","public_date":"2026-03-24T12:30:22Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450757","bugzilla_description":"firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-501","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4687.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4685","severity":"important","public_date":"2026-03-24T12:30:21Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450724","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4685.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4686","severity":"important","public_date":"2026-03-24T12:30:21Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450734","bugzilla_description":"firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4686.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4684","severity":"important","public_date":"2026-03-24T12:30:20Z","advisories":["RHSA-2026:6917","RHSA-2026:5931","RHSA-2026:5932","RHSA-2026:5930","RHSA-2026:6342","RHSA-2026:6188"],"bugzilla":"2450721","bugzilla_description":"firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":["firefox-0:140.9.0-1.el8_10","firefox-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el10_1","thunderbird-0:140.9.0-1.el9_7","firefox-0:140.9.0-1.el9_7","thunderbird-0:140.9.0-1.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4684.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4649","severity":"moderate","public_date":"2026-03-24T08:15:16Z","advisories":[],"bugzilla":"2450641","bugzilla_description":"Apache Artemis: KNIME Business Hub: Apache Artemis and KNIME Business Hub: Authentication bypass allows information disclosure and message injection.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-306","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4649.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-32642","severity":"moderate","public_date":"2026-03-24T07:53:44Z","advisories":[],"bugzilla":"2450642","bugzilla_description":"Apache Artemis: Apache ActiveMQ Artemis: Apache Artemis and Apache ActiveMQ Artemis: Unauthorized address creation due to incorrect authorization during JMS topic subscription.","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32642.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2026-3260","severity":"moderate","public_date":"2026-03-24T04:05:00Z","advisories":[],"bugzilla":"2443010","bugzilla_description":"undertow: Undertow: Denial of Service due to premature multipart/form-data parsing in GET requests","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3260.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-33306","severity":"moderate","public_date":"2026-03-24T00:08:00Z","advisories":[],"bugzilla":"2450565","bugzilla_description":"github.com/bcrypt-ruby/bcrypt-ruby: bcrypt-ruby (JRuby): Weakened password hashing due to integer overflow","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33306.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"6.7"},{"CVE":"CVE-2026-33554","severity":"moderate","public_date":"2026-03-24T00:00:00Z","advisories":[],"bugzilla":"2450778","bugzilla_description":"freeipmi: buffer overflows on response messages via ipmi-oem","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33554.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-33211","severity":"moderate","public_date":"2026-03-23T23:55:54Z","advisories":["RHSA-2026:6170","RHSA-2026:6166"],"bugzilla":"2450554","bugzilla_description":"Tekton Pipelines: github.com/tektoncd/pipeline: Tekton Pipelines: Information disclosure via path traversal in git resolver","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":["openshift-pipelines/pipelines-resolvers-rhel9:sha256:0eeefa13b3b9d1a03e25ec2e3e413bcd3d6d321a6acca853d6201f8943a62894","openshift-pipelines/pipelines-operator-bundle:sha256:6585794d76cffb3f87fc7eacb905f0dd5f02476f717c911f2c0faf7c4081a080"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33211.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"7.7"},{"CVE":"CVE-2026-33252","severity":"moderate","public_date":"2026-03-23T23:44:16Z","advisories":[],"bugzilla":"2450542","bugzilla_description":"encoding/json: golang: github.com/modelcontextprotocol/go-sdk: Go MCP SDK: Remote tool execution via cross-site request forgery","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-940","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33252.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L","cvss3_score":"7.1"},{"CVE":"CVE-2026-33202","severity":"moderate","public_date":"2026-03-23T23:34:52Z","advisories":[],"bugzilla":"2450547","bugzilla_description":"rails: Active Storage: Unintended file deletion via crafted blob keys","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33202.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-33195","severity":"important","public_date":"2026-03-23T23:31:41Z","advisories":[],"bugzilla":"2450546","bugzilla_description":"Rails: Active Storage: Active Storage (Rails): Arbitrary file access via path traversal in blob keys","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33195.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-33176","severity":"moderate","public_date":"2026-03-23T23:29:27Z","advisories":[],"bugzilla":"2450551","bugzilla_description":"Rails: Active Support: Active Support: Denial of Service via large scientific notation strings","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33176.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-33174","severity":"moderate","public_date":"2026-03-23T23:24:55Z","advisories":[],"bugzilla":"2450544","bugzilla_description":"Rails: Active Storage: Rails Active Storage: Denial of Service via unbounded Range header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33174.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-33173","severity":"moderate","public_date":"2026-03-23T23:21:29Z","advisories":[],"bugzilla":"2450545","bugzilla_description":"Rails: Active Storage: Rails Active Storage: Content type bypass via arbitrary metadata in direct uploads","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33173.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L","cvss3_score":"7.6"},{"CVE":"CVE-2026-33170","severity":"moderate","public_date":"2026-03-23T23:09:48Z","advisories":[],"bugzilla":"2450543","bugzilla_description":"Rails: Active Support: Active Support: Cross-Site Scripting (XSS) due to improper HTML safety flag propagation in SafeBuffer#%","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33170.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-33169","severity":"moderate","public_date":"2026-03-23T23:07:07Z","advisories":[],"bugzilla":"2450556","bugzilla_description":"rails: rails-activesupport: Active Support: Denial of Service via crafted long digit strings","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33169.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-33168","severity":"moderate","public_date":"2026-03-23T23:01:22Z","advisories":[],"bugzilla":"2450549","bugzilla_description":"actionview: Action View: Cross-Site Scripting (XSS) via blank HTML attribute names","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33168.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-33167","severity":"moderate","public_date":"2026-03-23T22:58:53Z","advisories":[],"bugzilla":"2450552","bugzilla_description":"Rails: Action Pack: Action Pack: Cross-Site Scripting (XSS) via improper exception message escaping","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33167.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-29111","severity":"moderate","public_date":"2026-03-23T21:03:56Z","advisories":[],"bugzilla":"2450505","bugzilla_description":"systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29111.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-26209","severity":"moderate","public_date":"2026-03-23T18:53:10Z","advisories":[],"bugzilla":"2450422","bugzilla_description":"cbor2: cbor2: Denial of Service due to uncontrolled recursion via crafted CBOR payloads","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26209.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-3635","severity":"moderate","public_date":"2026-03-23T13:53:00Z","advisories":[],"bugzilla":"2450330","bugzilla_description":"fastify: request.protocol and request.host spoofable via X-Forwarded-Proto/Host from untrusted connections when trustProxy uses restrictive trust function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-348","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3635.json","cvss3_scoring_vector":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-4603","severity":"moderate","public_date":"2026-03-23T05:00:14Z","advisories":[],"bugzilla":"2450205","bugzilla_description":"jsrsasign: jsrsasign: Cryptographic operations impacted by division by zero via malicious JSON Web Key","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-369","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4603.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"5.9"},{"CVE":"CVE-2026-4601","severity":"important","public_date":"2026-03-23T05:00:13Z","advisories":["RHSA-2026:6926","RHSA-2026:6912","RHSA-2026:6720","RHSA-2026:6568"],"bugzilla":"2450209","bugzilla_description":"jsrsasign: jsrsasign: Private Key Recovery via Missing Cryptographic Step in DSA Signing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-325","affected_packages":["quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b","quay/quay-rhel8:sha256:08299d2ffb70a6b3f892ca732f97961a10a72cb4d4c123f10e81633f5c1c69ea","quay/quay-rhel8:sha256:356815af5f87ce3a8e0ee8213bb9b5537b658f29338b51f63672c7e5d7a5a50b","quay/quay-rhel8:sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4601.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N","cvss3_score":"8.7"},{"CVE":"CVE-2026-4599","severity":"important","public_date":"2026-03-23T05:00:12Z","advisories":["RHSA-2026:6926","RHSA-2026:6912","RHSA-2026:6720","RHSA-2026:6568"],"bugzilla":"2450207","bugzilla_description":"jsrsasign: jsrsasign: Private key recovery via incomplete comparison checks biasing DSA nonces","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-338","affected_packages":["quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b","quay/quay-rhel8:sha256:08299d2ffb70a6b3f892ca732f97961a10a72cb4d4c123f10e81633f5c1c69ea","quay/quay-rhel8:sha256:356815af5f87ce3a8e0ee8213bb9b5537b658f29338b51f63672c7e5d7a5a50b","quay/quay-rhel8:sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4599.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"9.1"},{"CVE":"CVE-2026-4598","severity":"important","public_date":"2026-03-23T05:00:11Z","advisories":["RHSA-2026:6720","RHSA-2026:6568"],"bugzilla":"2450210","bugzilla_description":"jsrsasign: jsrsasign: Denial of Service via infinite loop in bnModInverse function with crafted inputs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":["quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b","quay/quay-rhel8:sha256:356815af5f87ce3a8e0ee8213bb9b5537b658f29338b51f63672c7e5d7a5a50b"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4598.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4602","severity":"important","public_date":"2026-03-23T05:00:10Z","advisories":["RHSA-2026:6926","RHSA-2026:6912","RHSA-2026:6720","RHSA-2026:6568"],"bugzilla":"2450206","bugzilla_description":"jsrsasign: jsrsasign: Signature verification bypass via negative exponent handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-681","affected_packages":["quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b","quay/quay-rhel8:sha256:08299d2ffb70a6b3f892ca732f97961a10a72cb4d4c123f10e81633f5c1c69ea","quay/quay-rhel8:sha256:356815af5f87ce3a8e0ee8213bb9b5537b658f29338b51f63672c7e5d7a5a50b","quay/quay-rhel8:sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4602.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-4600","severity":"important","public_date":"2026-03-23T05:00:08Z","advisories":["RHSA-2026:6926","RHSA-2026:6912","RHSA-2026:6720","RHSA-2026:6568"],"bugzilla":"2450208","bugzilla_description":"jsrsasign: jsrsasign: Cryptographic signature forgery via malicious DSA domain parameters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":["quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b","quay/quay-rhel8:sha256:08299d2ffb70a6b3f892ca732f97961a10a72cb4d4c123f10e81633f5c1c69ea","quay/quay-rhel8:sha256:356815af5f87ce3a8e0ee8213bb9b5537b658f29338b51f63672c7e5d7a5a50b","quay/quay-rhel8:sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4600.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","cvss3_score":"8.2"},{"CVE":"CVE-2026-4628","severity":"moderate","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450240","bugzilla_description":"keycloak: org.keycloak.authorization: Keycloak: Unauthorized resource modification due to improper access control","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4628.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2026-4647","severity":"moderate","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450302","bugzilla_description":"binutils: Out-of-Bounds Read in XCOFF Relocation Processing in GNU Binutils BFD Library","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4647.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"6.1"},{"CVE":"CVE-2026-4678","severity":"important","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450564","bugzilla_description":"chromium-browser: Use after free in WebGPU","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4678.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4674","severity":"important","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450567","bugzilla_description":"chromium-browser: Out of bounds read in CSS","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4674.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-4680","severity":"important","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450568","bugzilla_description":"chromium-browser: Use after free in FedCM","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4680.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-4673","severity":"important","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450569","bugzilla_description":"chromium-browser: Heap buffer overflow in WebAudio","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4673.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4675","severity":"important","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450570","bugzilla_description":"chromium-browser: Heap buffer overflow in WebGL","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4675.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-4676","severity":"important","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450571","bugzilla_description":"chromium-browser: Use after free in Dawn","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4676.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4679","severity":"important","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450572","bugzilla_description":"chromium-browser: Integer overflow in Fonts","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4679.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4677","severity":"important","public_date":"2026-03-23T00:00:00Z","advisories":[],"bugzilla":"2450573","bugzilla_description":"chromium-browser: Out of bounds read in WebAudio","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4677.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-4539","severity":"low","public_date":"2026-03-22T05:35:12Z","advisories":[],"bugzilla":"2450066","bugzilla_description":"pygments: Pygments: Denial of Service via inefficient regular expression processing in AdlLexer","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4539.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-4538","severity":"moderate","public_date":"2026-03-22T04:20:28Z","advisories":[],"bugzilla":"2450062","bugzilla_description":"pytorch: PyTorch: Deserialization vulnerability in pt2 Loading Handler allows local impact","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-502","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4538.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2019-25544","severity":"moderate","public_date":"2026-03-21T12:46:48Z","advisories":[],"bugzilla":"2449948","bugzilla_description":"Pidgin: Pidgin: Denial of Service via excessively long username","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25544.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.2"},{"CVE":"CVE-2026-33228","severity":"critical","public_date":"2026-03-20T23:06:48Z","advisories":[],"bugzilla":"2449872","bugzilla_description":"flatted: Flatted: Prototype pollution vulnerability allows arbitrary code execution via crafted JSON.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33228.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"9.8"},{"CVE":"CVE-2026-33210","severity":"moderate","public_date":"2026-03-20T22:57:08Z","advisories":[],"bugzilla":"2449871","bugzilla_description":"ruby/json: Ruby JSON: Denial of Service or Information Disclosure via format string injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-134","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33210.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","cvss3_score":"6.5"},{"CVE":"CVE-2026-33236","severity":"important","public_date":"2026-03-20T22:47:10Z","advisories":[],"bugzilla":"2449824","bugzilla_description":"nltk: NLTK: Arbitrary file overwrite and creation via path traversal in XML index files","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33236.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-33231","severity":"important","public_date":"2026-03-20T22:45:40Z","advisories":[],"bugzilla":"2449836","bugzilla_description":"nltk: NLTK: Denial of Service via unauthenticated remote shutdown","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-306","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33231.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33230","severity":"moderate","public_date":"2026-03-20T22:43:39Z","advisories":[],"bugzilla":"2449825","bugzilla_description":"nltk: NLTK: Script execution via reflected cross-site scripting in WordNet Browser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33230.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","cvss3_score":"6.1"},{"CVE":"CVE-2026-33204","severity":"moderate","public_date":"2026-03-20T22:37:13Z","advisories":[],"bugzilla":"2449822","bugzilla_description":"SimpleJWT: SimpleJWT: Denial of Service via JWE header tampering","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-325","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33204.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-33186","severity":"important","public_date":"2026-03-20T22:23:32Z","advisories":["RHSA-2026:7110","RHSA-2026:6428","RHSA-2026:6802","RHSA-2026:7128"],"bugzilla":"2449833","bugzilla_description":"google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-551","affected_packages":["advanced-cluster-security/rhacs-main-rhel8:sha256:433c4926f5a93402642d459c627a1ecf65e101a42bcce4042c36858205b93be9","advanced-cluster-security/rhacs-roxctl-rhel8:sha256:07d8cbd4310eda65e515533621df271cc8ac1818b1b275b50b961cbcc591bf76","rhdh/rhdh-rhel9-operator:sha256:4e4ab9dd3243274e6f378553e241ae8b9fdeed7fe2daaa7efb34f60ee46a2eef","network-observability/network-observability-flowlogs-pipeline-rhel9:sha256:5218256abd119c47e49511a207521013f4e70873f5e1695cd33c7acb236167a3","advanced-cluster-security/rhacs-rhel8-operator:sha256:04d163e1994dec3630cdf2f5b7a4d903369b5e36fcb7b2ab8c65300fa410d541","advanced-cluster-security/rhacs-roxctl-rhel8:sha256:56b6a1298a529b756765c844cd09e6201a7b5caca2cdf8d88a28814628585fa9","advanced-cluster-security/rhacs-rhel8-operator:sha256:4f00761fa67936c65ae05c98d28886873321679ed3d0a8741526332e57b2455e","network-observability/network-observability-rhel9-operator:sha256:13ea96ec33fe631eea4970b4d05aaebb101d1e964047cc3cdd8e659eb1329122","advanced-cluster-security/rhacs-scanner-v4-rhel8:sha256:145e7b65e3d01210bfa07bb3e286c29e1d9218b38ec78c4e97557cba6ec4c14b","advanced-cluster-security/rhacs-main-rhel8:sha256:5533b87f5a3c9df67608236393d31507dd2b1f0af0ca787997f9dfed44222d9d","advanced-cluster-security/rhacs-scanner-v4-rhel8:sha256:579133a11226d177bf8b72ebd81285c842671e41e50c49a482bc80412eb703e9","network-observability/network-observability-cli-rhel9:sha256:05ced6a12abb5c6156d57cde83a5515f1ba1ae4b4876c20df8e87acf658b55cd","network-observability/network-observability-ebpf-agent-rhel9:sha256:2f23661c41345f7e7625d961649fdc4432e5e9b546ca807dc50c1b685480d44f"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33186.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-33180","severity":"important","public_date":"2026-03-20T22:19:59Z","advisories":[],"bugzilla":"2449841","bugzilla_description":"HAPI FHIR: hapifhir/org.hl7.fhir.core: HAPI FHIR: Information disclosure and potential impersonation via HTTP redirects sending sensitive headers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-201","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33180.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N","cvss3_score":"8.2"},{"CVE":"CVE-2026-33155","severity":"moderate","public_date":"2026-03-20T20:25:53Z","advisories":[],"bugzilla":"2449786","bugzilla_description":"deepdiff: python: DeepDiff: Denial of Service via unrestricted memory allocation in pickle unpickler","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-502","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33155.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-33154","severity":"moderate","public_date":"2026-03-20T20:22:59Z","advisories":[],"bugzilla":"2449774","bugzilla_description":"dynaconf: jinja2: Dynaconf: Arbitrary code execution via Server-Side Template Injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-917","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33154.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33150","severity":"important","public_date":"2026-03-20T20:20:29Z","advisories":[],"bugzilla":"2449771","bugzilla_description":"libfuse: libfuse: Arbitrary code execution via use-after-free in io_uring subsystem","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33150.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-33179","severity":"moderate","public_date":"2026-03-20T20:20:09Z","advisories":[],"bugzilla":"2449775","bugzilla_description":"libfuse: libfuse: Denial of Service via NULL pointer dereference and memory leak","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33179.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-33151","severity":"moderate","public_date":"2026-03-20T20:13:31Z","advisories":[],"bugzilla":"2449789","bugzilla_description":"socket.io: Socket.IO: Denial of Service due to excessive buffering of specially crafted packets","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33151.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-4438","severity":"low","public_date":"2026-03-20T19:59:06Z","advisories":[],"bugzilla":"2449783","bugzilla_description":"glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-838","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4438.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"4.0"},{"CVE":"CVE-2026-4437","severity":"moderate","public_date":"2026-03-20T19:59:00Z","advisories":[],"bugzilla":"2449777","bugzilla_description":"glibc: glibc: Incorrect DNS response parsing via crafted DNS server response","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4437.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L","cvss3_score":"6.5"},{"CVE":"CVE-2026-32710","severity":"moderate","public_date":"2026-03-20T18:31:48Z","advisories":[],"bugzilla":"2449711","bugzilla_description":"MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32710.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-4519","severity":"important","public_date":"2026-03-20T15:08:32Z","advisories":["RHSA-2026:6283","RHSA-2026:6285","RHSA-2026:7010","RHSA-2026:6281","RHSA-2026:6766","RHSA-2026:7244","RHSA-2026:6473","RHSA-2026:6286","RHSA-2026:6256"],"bugzilla":"2449649","bugzilla_description":"python: Python: Command-line option injection in webbrowser.open() via crafted URLs","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-88","affected_packages":["python3.12-0:3.12.9-1.el9_6.7","python3.12-0:3.12.12-4.el9_7.2","python3.11-0:3.11.13-5.2.el9_7","python3.11-0:3.11.13-6.el8_10","python3.12-0:3.12.12-3.el10_1.2","python3.12-0:3.12.9-2.el10_0.8","python3.12-0:3.12.12-4.el8_10","python3-0:3.6.8-75.el8_10","python3.9-0:3.9.25-3.el9_7.2"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4519.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L","cvss3_score":"7.1"},{"CVE":"CVE-2026-33132","severity":"moderate","public_date":"2026-03-20T10:21:19Z","advisories":[],"bugzilla":"2449597","bugzilla_description":"github.com/zitadel: ZITADEL: Authentication bypass allows sign-in with other organization's users","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-306","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33132.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-32595","severity":"moderate","public_date":"2026-03-20T10:08:41Z","advisories":[],"bugzilla":"2449591","bugzilla_description":"traefik: Traefik: Username enumeration via timing attack in BasicAuth middleware","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-208","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32595.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-32305","severity":"important","public_date":"2026-03-20T10:01:13Z","advisories":[],"bugzilla":"2449595","bugzilla_description":"Traefik: github.com/traefik/traefik: Traefik: mTLS bypass allows unauthorized service access via fragmented ClientHello.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-179","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32305.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L","cvss3_score":"8.3"},{"CVE":"CVE-2026-33123","severity":"moderate","public_date":"2026-03-20T09:09:12Z","advisories":[],"bugzilla":"2449585","bugzilla_description":"pypdf: pypdf: Denial of Service due to excessive resource consumption from crafted PDF","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33123.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"4.3"},{"CVE":"CVE-2026-33022","severity":"moderate","public_date":"2026-03-20T07:48:15Z","advisories":["RHSA-2026:6170","RHSA-2026:6166"],"bugzilla":"2449483","bugzilla_description":"github.com/tektoncd/pipeline: Tekton Pipelines: Denial of Service via long resolver names","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-130","affected_packages":["openshift-pipelines/pipelines-operator-bundle:sha256:6585794d76cffb3f87fc7eacb905f0dd5f02476f717c911f2c0faf7c4081a080","openshift-pipelines/pipelines-controller-rhel9:sha256:3fcac1d8ade2f968d743f6bcc1d505933746e6dd83878ff2f1656cec005a107c"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33022.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-33056","severity":"moderate","public_date":"2026-03-20T07:11:10Z","advisories":[],"bugzilla":"2449490","bugzilla_description":"tar-rs: tar-rs: Arbitrary directory permission modification via crafted tar archive","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-59","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33056.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"4.4"},{"CVE":"CVE-2026-33036","severity":"moderate","public_date":"2026-03-20T05:17:03Z","advisories":["RHSA-2026:7110","RHSA-2026:7128"],"bugzilla":"2449458","bugzilla_description":"fast-xml-parser: fast-xml-parser: Denial of Service via XML entity expansion bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-776","affected_packages":["advanced-cluster-security/rhacs-main-rhel8:sha256:433c4926f5a93402642d459c627a1ecf65e101a42bcce4042c36858205b93be9","advanced-cluster-security/rhacs-main-rhel8:sha256:5533b87f5a3c9df67608236393d31507dd2b1f0af0ca787997f9dfed44222d9d"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33036.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33013","severity":"moderate","public_date":"2026-03-20T04:47:42Z","advisories":[],"bugzilla":"2449457","bugzilla_description":"micronaut-core: Micronaut Framework: Micronaut Framework: Denial of Service via crafted form parameters","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1285","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33013.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-33012","severity":"moderate","public_date":"2026-03-20T04:43:07Z","advisories":[],"bugzilla":"2449450","bugzilla_description":"Micronaut Framework: micronaut-core: Micronaut Framework: Denial of Service via unbounded cache in HTML error response handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33012.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-32947","severity":"moderate","public_date":"2026-03-20T04:03:03Z","advisories":[],"bugzilla":"2449437","bugzilla_description":"harden-runner: Harden-Runner: Data exfiltration via DNS over HTTPS (DoH) bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-807","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32947.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"4.9"},{"CVE":"CVE-2026-32946","severity":"moderate","public_date":"2026-03-20T03:58:40Z","advisories":[],"bugzilla":"2449438","bugzilla_description":"step-security/harden-runner: Harden-Runner: Egress policy bypass via DNS over TCP","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-791","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32946.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"4.9"},{"CVE":"CVE-2026-32889","severity":"moderate","public_date":"2026-03-20T02:23:25Z","advisories":[],"bugzilla":"2449419","bugzilla_description":"tinytag: tinytag: Denial of Service via malicious MP3 file parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32889.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-32875","severity":"important","public_date":"2026-03-20T01:35:23Z","advisories":[],"bugzilla":"2449400","bugzilla_description":"ultrajson: UltraJSON: Denial of Service via large indent parameter in JSON serialization","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32875.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-32874","severity":"important","public_date":"2026-03-20T01:31:30Z","advisories":[],"bugzilla":"2449411","bugzilla_description":"UltraJSON: UltraJSON: Denial of Service due to memory leak when parsing large integers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32874.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-32766","severity":"low","public_date":"2026-03-20T00:07:36Z","advisories":[],"bugzilla":"2449371","bugzilla_description":"astral-tokio-tar: astral-tokio-tar: Potential archive misinterpretation via malformed PAX extensions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32766.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N","cvss3_score":"2.5"},{"CVE":"CVE-2026-23536","severity":"important","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2429302","bugzilla_description":"feast: Unauthenticated Arbitrary File Read","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23536.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-23537","severity":"critical","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2429304","bugzilla_description":"feast: Unauthenticated Arbitrary File Write","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-862","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23537.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","cvss3_score":"9.1"},{"CVE":"CVE-2026-23538","severity":"important","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2429311","bugzilla_description":"feast: Resource exhaustion via WebSocket endpoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23538.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-23275","severity":"low","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2449558","bugzilla_description":"kernel: io_uring: ensure ctx->rings is stable for task work flags manipulation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-366","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23275.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"4.7"},{"CVE":"CVE-2026-23277","severity":"moderate","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2449560","bugzilla_description":"kernel: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23277.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23276","severity":"moderate","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2449561","bugzilla_description":"kernel: net: add xmit recursion limit to tunnel xmit functions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23276.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23273","severity":"moderate","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2449563","bugzilla_description":"kernel: macvlan: observe an RCU grace period in macvlan_common_newlink() error path","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-364","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23273.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23271","severity":"moderate","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2449565","bugzilla_description":"kernel: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-672","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23271.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","cvss3_score":"5.8"},{"CVE":"CVE-2026-23278","severity":"moderate","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2449570","bugzilla_description":"kernel: netfilter: nf_tables: always walk all pending catchall elements","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-459","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23278.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23272","severity":"moderate","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2449571","bugzilla_description":"kernel: netfilter: nf_tables: unconditionally bump set->nelems before insertion","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23272.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23274","severity":"moderate","public_date":"2026-03-20T00:00:00Z","advisories":[],"bugzilla":"2449572","bugzilla_description":"kernel: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-908","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23274.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-22737","severity":"moderate","public_date":"2026-03-19T23:53:59Z","advisories":[],"bugzilla":"2449348","bugzilla_description":"Spring Framework: Spring Framework: Information disclosure via Java scripting engine enabled template views","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22737.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-22735","severity":"low","public_date":"2026-03-19T23:37:35Z","advisories":[],"bugzilla":"2449347","bugzilla_description":"org.springframework/spring-webmvc: org.springframework/spring-webflux: Spring MVC and WebFlux: Stream corruption vulnerability when using Server-Sent Events","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-115","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22735.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N","cvss3_score":"2.6"},{"CVE":"CVE-2026-22732","severity":"moderate","public_date":"2026-03-19T22:47:38Z","advisories":[],"bugzilla":"2449306","bugzilla_description":"Spring Security: Spring Security: Security policy bypass and information disclosure due to unwritten HTTP headers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-166","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22732.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-22731","severity":"moderate","public_date":"2026-03-19T22:36:15Z","advisories":[],"bugzilla":"2449290","bugzilla_description":"Spring Boot: Spring Boot: Authentication bypass via misconfigured Health Group additional path","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-305","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22731.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N","cvss3_score":"8.2"},{"CVE":"CVE-2026-4428","severity":"moderate","public_date":"2026-03-19T20:37:53Z","advisories":[],"bugzilla":"2449205","bugzilla_description":"AWS-LC: AWS-LC: Security bypass allows revoked certificates to be accepted due to CRL validation error","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-295","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4428.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-30836","severity":"critical","public_date":"2026-03-19T20:37:05Z","advisories":[],"bugzilla":"2449211","bugzilla_description":"github.com/smallstep/certificates: Step CA: Unauthenticated certificate issuance via SCEP Update Request","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-306","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30836.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","cvss3_score":"10.0"},{"CVE":"CVE-2026-26940","severity":"moderate","public_date":"2026-03-19T17:14:31Z","advisories":[],"bugzilla":"2449139","bugzilla_description":"Kibana: Timelion: Kibana Timelion Plugin: Denial of Service via improper input validation in Timelion expressions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26940.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-26939","severity":"moderate","public_date":"2026-03-19T17:11:16Z","advisories":[],"bugzilla":"2449144","bugzilla_description":"Kibana: Kibana: Unauthorized system control via missing authorization","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1220","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26939.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3029","severity":"important","public_date":"2026-03-19T15:53:38Z","advisories":[],"bugzilla":"2449054","bugzilla_description":"PyMuPDF: PyMuPDF: Arbitrary file write via path traversal vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3029.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2006-10003","severity":"important","public_date":"2026-03-19T11:08:04Z","advisories":[],"bugzilla":"2448999","bugzilla_description":"perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-193","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-10003.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2006-10002","severity":"moderate","public_date":"2026-03-19T11:03:46Z","advisories":[],"bugzilla":"2449001","bugzilla_description":"perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-10002.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-4424","severity":"important","public_date":"2026-03-19T00:00:00Z","advisories":[],"bugzilla":"2449006","bugzilla_description":"libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4424.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-4426","severity":"moderate","public_date":"2026-03-19T00:00:00Z","advisories":[],"bugzilla":"2449010","bugzilla_description":"libarchive: libarchive: Denial of Service via malformed ISO file processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1335","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4426.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2025-69720","severity":"moderate","public_date":"2026-03-19T00:00:00Z","advisories":["RHSA-2026:5913"],"bugzilla":"2449037","bugzilla_description":"ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["ncurses-0:6.4-15.20240127.el10_1"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69720.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2025-15031","severity":"important","public_date":"2026-03-18T22:06:47Z","advisories":[],"bugzilla":"2448912","bugzilla_description":"mlflow/mlflow: Path Traversal Vulnerability in mlflow/mlflow","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15031.json","cvss3_scoring_vector":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-32700","severity":"moderate","public_date":"2026-03-18T20:55:55Z","advisories":[],"bugzilla":"2448858","bugzilla_description":"devise: Devise: Unauthorized email confirmation due to a race condition","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32700.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-32636","severity":"moderate","public_date":"2026-03-18T20:39:44Z","advisories":[],"bugzilla":"2448862","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service via out-of-bounds write in NewXMLTree method","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32636.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-31965","severity":"moderate","public_date":"2026-03-18T18:50:37Z","advisories":[],"bugzilla":"2448751","bugzilla_description":"htslib: HTSlib: Information disclosure or denial of service via out-of-bounds read in CRAM record processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31965.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"5.6"},{"CVE":"CVE-2026-31964","severity":"moderate","public_date":"2026-03-18T18:27:26Z","advisories":[],"bugzilla":"2448756","bugzilla_description":"htslib: HTSlib: Denial of Service via NULL pointer dereference in CRAM decoding","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31964.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.0"},{"CVE":"CVE-2026-31963","severity":"important","public_date":"2026-03-18T18:22:58Z","advisories":[],"bugzilla":"2448755","bugzilla_description":"htslib: HTSlib: Arbitrary code execution via crafted CRAM file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-193","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31963.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.3"},{"CVE":"CVE-2026-3479","severity":"low","public_date":"2026-03-18T18:13:42Z","advisories":[],"bugzilla":"2448746","bugzilla_description":"python: Python pkgutil.get_data(): Path Traversal via improper resource argument validation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3479.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"3.3"},{"CVE":"CVE-2026-31962","severity":"important","public_date":"2026-03-18T18:08:26Z","advisories":[],"bugzilla":"2448750","bugzilla_description":"htslib: htslib: Heap buffer overflow leading to arbitrary code execution via crafted CRAM file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31962.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.3"},{"CVE":"CVE-2026-27135","severity":"important","public_date":"2026-03-18T17:59:02Z","advisories":["RHSA-2026:7080","RHSA-2026:7123"],"bugzilla":"2448754","bugzilla_description":"nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-617","affected_packages":["nodejs22-1:22.22.2-1.el10_1","nodejs:22-8100020260331102257.6d880403"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27135.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-33002","severity":"moderate","public_date":"2026-03-18T15:15:25Z","advisories":[],"bugzilla":"2448643","bugzilla_description":"jenkins: Jenkins: Origin validation bypass via DNS rebinding in CLI WebSocket endpoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33002.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-33001","severity":"important","public_date":"2026-03-18T15:15:23Z","advisories":[],"bugzilla":"2448645","bugzilla_description":"jenkins: Jenkins: Arbitrary file write and potential code execution through crafted archives","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33001.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-31938","severity":"important","public_date":"2026-03-18T03:05:44Z","advisories":["RHSA-2026:7110","RHSA-2026:7128"],"bugzilla":"2448550","bugzilla_description":"jspdf: jsPDF: Cross site scripting via unsanitized output options","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":["advanced-cluster-security/rhacs-main-rhel8:sha256:433c4926f5a93402642d459c627a1ecf65e101a42bcce4042c36858205b93be9","advanced-cluster-security/rhacs-main-rhel8:sha256:5533b87f5a3c9df67608236393d31507dd2b1f0af0ca787997f9dfed44222d9d"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31938.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-31898","severity":"important","public_date":"2026-03-18T03:03:43Z","advisories":["RHSA-2026:7110","RHSA-2026:7128"],"bugzilla":"2448547","bugzilla_description":"jspdf: jsPDF: Arbitrary code execution via unsanitized input in createAnnotation method","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":["advanced-cluster-security/rhacs-main-rhel8:sha256:433c4926f5a93402642d459c627a1ecf65e101a42bcce4042c36858205b93be9","advanced-cluster-security/rhacs-main-rhel8:sha256:5533b87f5a3c9df67608236393d31507dd2b1f0af0ca787997f9dfed44222d9d"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31898.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N","cvss3_score":"8.1"},{"CVE":"CVE-2026-30922","severity":"important","public_date":"2026-03-18T02:29:45Z","advisories":["RHSA-2026:6926","RHSA-2026:6309","RHSA-2026:6404","RHSA-2026:6912","RHSA-2026:6720","RHSA-2026:6568"],"bugzilla":"2448553","bugzilla_description":"pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":["ansible-automation-platform-26/lightspeed-chatbot-rhel9:sha256:111c3fa869282760a7408db240e5fbddd74816fa5ffc12578c267427eae8eb96","quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b","quay/quay-rhel8:sha256:08299d2ffb70a6b3f892ca732f97961a10a72cb4d4c123f10e81633f5c1c69ea","quay/quay-rhel8:sha256:356815af5f87ce3a8e0ee8213bb9b5537b658f29338b51f63672c7e5d7a5a50b","quay/quay-rhel8:sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30922.json","cvss3_scoring_vector":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-28500","severity":"important","public_date":"2026-03-18T01:15:07Z","advisories":[],"bugzilla":"2448518","bugzilla_description":"onnx: ONNX: Untrusted Model Repository Warnings Suppressed","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-829","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28500.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"8.6"},{"CVE":"CVE-2026-29057","severity":"moderate","public_date":"2026-03-18T00:30:27Z","advisories":[],"bugzilla":"2448515","bugzilla_description":"next.js: Next.js: HTTP request smuggling in rewrites","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-444","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29057.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-27980","severity":"moderate","public_date":"2026-03-18T00:23:34Z","advisories":[],"bugzilla":"2448509","bugzilla_description":"next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27980.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-27979","severity":"moderate","public_date":"2026-03-18T00:13:29Z","advisories":[],"bugzilla":"2448512","bugzilla_description":"next.js: Next.js: Unbounded postponed resume buffering can lead to DoS","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27979.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-4366","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448543","bugzilla_description":"keycloak-services: Blind Server-Side Request Forgery (SSRF) via HTTP Redirect Handling in Keycloak","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4366.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N","cvss3_score":"5.8"},{"CVE":"CVE-2026-23245","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448593","bugzilla_description":"kernel: net/sched: act_gate: snapshot parameters with RCU on replace","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23245.json"},{"CVE":"CVE-2026-23243","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448594","bugzilla_description":"kernel: Linux kernel: Denial of service and memory corruption in RDMA umad","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23243.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H","cvss3_score":"7.3"},{"CVE":"CVE-2025-71265","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448595","bugzilla_description":"kernel: fs: ntfs3: fix infinite loop in attr_load_runs_range on inconsistent metadata","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71265.json"},{"CVE":"CVE-2026-23248","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448596","bugzilla_description":"kernel: perf/core: Fix refcount bug and potential UAF in perf_mmap","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-911","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23248.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2025-71266","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448597","bugzilla_description":"kernel: fs: ntfs3: check return value of indx_find to avoid infinite loop","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71266.json"},{"CVE":"CVE-2026-23247","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448598","bugzilla_description":"kernel: tcp: secure_seq: add back ports to TS offset","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23247.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2025-71267","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448599","bugzilla_description":"kernel: fs: ntfs3: fix infinite loop triggered by zero-sized ATTR_LIST","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71267.json"},{"CVE":"CVE-2026-23246","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448600","bugzilla_description":"kernel: Linux kernel: Denial of Service in mac80211 Wi-Fi due to out-of-bounds write","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23246.json","cvss3_scoring_vector":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-23244","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448601","bugzilla_description":"kernel: nvme: fix memory allocation in nvme_pr_read_keys()","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23244.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23242","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448602","bugzilla_description":"kernel: RDMA/siw: Fix potential NULL pointer dereference in header processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23242.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2025-71270","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448681","bugzilla_description":"kernel: LoongArch: Enable exception fixup for specific ADE subcode","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71270.json"},{"CVE":"CVE-2026-23263","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448683","bugzilla_description":"kernel: io_uring/zcrx: fix page array leak","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23263.json"},{"CVE":"CVE-2026-23266","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448684","bugzilla_description":"kernel: fbdev: rivafb: fix divide error in nv3_arb()","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23266.json"},{"CVE":"CVE-2026-23253","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448685","bugzilla_description":"kernel: Kernel: Denial of Service via DVB DVR ringbuffer reinitialization flaw","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-664","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23253.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H","cvss3_score":"6.2"},{"CVE":"CVE-2026-23261","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448686","bugzilla_description":"kernel: nvme-fc: release admin tagset if init fails","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23261.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23259","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448689","bugzilla_description":"kernel: io_uring/rw: free potentially allocated iovec on cache put failure","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23259.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2025-71269","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448690","bugzilla_description":"kernel: btrfs: do not free data reservation in fallback from inline due to -ENOSPC","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-832","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71269.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23267","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448691","bugzilla_description":"kernel: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23267.json"},{"CVE":"CVE-2026-23256","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448693","bugzilla_description":"kernel: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-193","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23256.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23262","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448694","bugzilla_description":"kernel: gve: Fix stats report corruption on queue count change","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23262.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2025-71268","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448696","bugzilla_description":"kernel: btrfs: fix reservation leak in some error paths when inserting inline extent","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-772","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71268.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23254","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448699","bugzilla_description":"kernel: net: gro: fix outer network offset","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23254.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23249","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448700","bugzilla_description":"kernel: xfs: check for deleted cursors when revalidating two btrees","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23249.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23257","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448701","bugzilla_description":"kernel: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-193","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23257.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23260","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448702","bugzilla_description":"kernel: regmap: maple: free entry on mas_store_gfp() failure","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23260.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23255","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448703","bugzilla_description":"kernel: net: add proper RCU protection to /proc/net/ptype","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-362","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23255.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"4.7"},{"CVE":"CVE-2026-23252","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448704","bugzilla_description":"kernel: xfs: get rid of the xchk_xfile_*_descr calls","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23252.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23265","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448709","bugzilla_description":"kernel: f2fs: fix to do sanity check on node footer in {read,write}_end_io","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23265.json"},{"CVE":"CVE-2026-23251","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448710","bugzilla_description":"kernel: xfs: only call xf{array,blob}_destroy if we have a valid pointer","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23251.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23264","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448711","bugzilla_description":"kernel: Revert \"drm/amd: Check if ASPM is enabled from PCIe subsystem\"","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23264.json"},{"CVE":"CVE-2026-23250","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448712","bugzilla_description":"kernel: xfs: check return value of xchk_scrub_create_subord","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-253","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23250.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-23258","severity":"low","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448713","bugzilla_description":"kernel: net: liquidio: Initialize netdev pointer before queue setup","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23258.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-23270","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448745","bugzilla_description":"kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-416","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23270.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-26740","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448747","bugzilla_description":"giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26740.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-23268","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448752","bugzilla_description":"kernel: apparmor: fix unprivileged local user can do privileged policy management","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23268.json"},{"CVE":"CVE-2026-23269","severity":null,"public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448753","bugzilla_description":"kernel: apparmor: validate DFA start states are in bounds in unpack_pdb","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23269.json"},{"CVE":"CVE-2023-43010","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":["RHSA-2024:9679","RHSA-2024:9646","RHSA-2024:9144","RHSA-2024:8496","RHSA-2024:9653","RHSA-2025:10364","RHSA-2024:9680","RHSA-2024:8492","RHSA-2024:9636","RHSA-2024:8180"],"bugzilla":"2448778","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to memory corruption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["webkit2gtk3-0:2.46.3-1.el8_4","webkit2gtk3-0:2.44.3-2.el9","webkit2gtk3-0:2.46.3-1.el8_6","webkit2gtk3-0:2.46.3-1.el8_8","webkit2gtk3-0:2.46.3-1.el8_10","webkit2gtk3-0:2.46.1-1.el9_2","webkitgtk4-0:2.48.3-2.el7_9","webkit2gtk3-0:2.46.1-1.el9_0","webkit2gtk3-0:2.46.3-1.el8_2","webkit2gtk3-0:2.46.1-2.el9_4"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-43010.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-31223","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":["RHSA-2025:19157","RHSA-2025:17807","RHSA-2025:17741","RHSA-2025:17743","RHSA-2025:17643","RHSA-2025:17802","RHSA-2025:19109","RHSA-2025:19352","RHSA-2025:19165","RHSA-2025:18097"],"bugzilla":"2448779","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to memory corruption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["webkit2gtk3-0:2.50.0-1.el8_6","webkit2gtk3-0:2.50.0-2.el9_4","webkit2gtk3-0:2.50.0-1.el8_10","webkit2gtk3-0:2.50.0-1.el8_8.1","webkit2gtk3-0:2.50.0-2.el9_2","webkit2gtk3-0:2.50.0-2.el9_0","webkit2gtk3-0:2.50.0-1.el8_2","webkit2gtk3-0:2.50.0-1.el8_4","webkit2gtk3-0:2.50.1-0.el9_6","webkitgtk4-0:2.50.0-1.el7_9"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31223.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-31277","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":["RHSA-2025:19157","RHSA-2025:17807","RHSA-2025:17741","RHSA-2025:17743","RHSA-2025:17643","RHSA-2025:17802","RHSA-2025:19109","RHSA-2025:19352","RHSA-2025:19165","RHSA-2025:18097"],"bugzilla":"2448780","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to memory corruption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["webkit2gtk3-0:2.50.0-1.el8_6","webkit2gtk3-0:2.50.0-2.el9_4","webkit2gtk3-0:2.50.0-1.el8_10","webkit2gtk3-0:2.50.0-1.el8_8.1","webkit2gtk3-0:2.50.0-2.el9_2","webkit2gtk3-0:2.50.0-2.el9_0","webkit2gtk3-0:2.50.0-1.el8_2","webkit2gtk3-0:2.50.0-1.el8_4","webkit2gtk3-0:2.50.1-0.el9_6","webkitgtk4-0:2.50.0-1.el7_9"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-31277.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-43213","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448781","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43213.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-43214","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448782","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43214.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-43433","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":["RHSA-2025:23743","RHSA-2025:22789","RHSA-2025:23434","RHSA-2025:23742","RHSA-2025:23433","RHSA-2025:22790","RHSA-2025:23452","RHSA-2025:23583","RHSA-2025:23451","RHSA-2025:23110","RHSA-2025:23591"],"bugzilla":"2448783","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to memory corruption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["webkitgtk4-0:2.50.3-2.el7_9","webkit2gtk3-0:2.50.3-2.el8_6","webkit2gtk3-0:2.50.3-1.el9_0","webkit2gtk3-0:2.50.3-2.el8_8","webkit2gtk3-0:2.50.3-2.el8_2","webkit2gtk3-0:2.50.3-2.el8_4","webkit2gtk3-0:2.50.3-1.el8_10","webkit2gtk3-0:2.50.3-1.el9_6","webkit2gtk3-0:2.50.3-1.el9_7","webkit2gtk3-0:2.50.3-1.el9_4","webkit2gtk3-0:2.50.3-1.el9_2"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43433.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-43438","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":["RHSA-2025:23743","RHSA-2025:22789","RHSA-2025:23434","RHSA-2025:23742","RHSA-2025:23433","RHSA-2025:22790","RHSA-2025:23452","RHSA-2025:23583","RHSA-2025:23451","RHSA-2025:23110","RHSA-2025:23591"],"bugzilla":"2448784","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-416","affected_packages":["webkitgtk4-0:2.50.3-2.el7_9","webkit2gtk3-0:2.50.3-2.el8_6","webkit2gtk3-0:2.50.3-1.el9_0","webkit2gtk3-0:2.50.3-2.el8_8","webkit2gtk3-0:2.50.3-2.el8_2","webkit2gtk3-0:2.50.3-2.el8_4","webkit2gtk3-0:2.50.3-1.el8_10","webkit2gtk3-0:2.50.3-1.el9_6","webkit2gtk3-0:2.50.3-1.el9_7","webkit2gtk3-0:2.50.3-1.el9_4","webkit2gtk3-0:2.50.3-1.el9_2"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43438.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-43441","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":["RHSA-2025:23743","RHSA-2025:22789","RHSA-2025:23434","RHSA-2025:23742","RHSA-2025:23433","RHSA-2025:22790","RHSA-2025:23452","RHSA-2025:23583","RHSA-2025:23451","RHSA-2025:23110","RHSA-2025:23591"],"bugzilla":"2448785","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["webkitgtk4-0:2.50.3-2.el7_9","webkit2gtk3-0:2.50.3-2.el8_6","webkit2gtk3-0:2.50.3-1.el9_0","webkit2gtk3-0:2.50.3-2.el8_8","webkit2gtk3-0:2.50.3-2.el8_2","webkit2gtk3-0:2.50.3-2.el8_4","webkit2gtk3-0:2.50.3-1.el8_10","webkit2gtk3-0:2.50.3-1.el9_6","webkit2gtk3-0:2.50.3-1.el9_7","webkit2gtk3-0:2.50.3-1.el9_4","webkit2gtk3-0:2.50.3-1.el9_2"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43441.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-43457","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448786","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-416","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43457.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-43511","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448787","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-416","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-43511.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2025-46299","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448788","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may disclose internal states of the app","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-909","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-46299.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-20608","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448789","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20608.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-20635","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448790","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20635.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-20636","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448791","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20636.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-20644","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448792","bugzilla_description":"webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20644.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-20652","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448793","bugzilla_description":"webkitgtk: A remote attacker may be able to cause a denial-of-service","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20652.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-20676","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2448794","bugzilla_description":"webkitgtk: A website may be able to track users through Safari web extensions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-201","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-20676.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2026-4462","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449381","bugzilla_description":"chromium-browser: Out of bounds read in Blink","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4462.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-4464","severity":"moderate","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449382","bugzilla_description":"chromium-browser: Integer overflow in ANGLE","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4464.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-4442","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449383","bugzilla_description":"chromium-browser: Heap buffer overflow in CSS","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4442.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4439","severity":"critical","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449384","bugzilla_description":"chromium-browser: Out of bounds memory access in WebGL","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4439.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4451","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449385","bugzilla_description":"chromium-browser: Insufficient validation of untrusted input in Navigation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1286","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4451.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-4453","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449387","bugzilla_description":"chromium-browser: Integer overflow in Dawn","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4453.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-4452","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449388","bugzilla_description":"chromium-browser: Integer overflow in ANGLE","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4452.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4447","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449389","bugzilla_description":"chromium-browser: Inappropriate implementation in V8","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-843","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4447.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4455","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449392","bugzilla_description":"chromium-browser: Heap buffer overflow in PDFium","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4455.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-4440","severity":"critical","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449394","bugzilla_description":"chromium-browser: Out of bounds read and write in WebGL","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4440.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4458","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449395","bugzilla_description":"chromium-browser: Use after free in Extensions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4458.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4450","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449396","bugzilla_description":"chromium-browser: Out of bounds write in V8","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4450.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4449","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449397","bugzilla_description":"chromium-browser: Use after free in Blink","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1341","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4449.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4444","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449398","bugzilla_description":"chromium-browser: Stack buffer overflow in WebRTC","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4444.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4461","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449399","bugzilla_description":"chromium-browser: Inappropriate implementation in V8","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4461.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-4443","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449401","bugzilla_description":"chromium-browser: Heap buffer overflow in WebAudio","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4443.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4459","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449402","bugzilla_description":"chromium-browser: Out of bounds read and write in WebAudio","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4459.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4446","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449405","bugzilla_description":"chromium-browser: Use after free in WebRTC","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4446.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-4448","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449406","bugzilla_description":"chromium-browser: Heap buffer overflow in ANGLE","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4448.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4456","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449407","bugzilla_description":"chromium-browser: Use after free in Digital Credentials API","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4456.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.0"},{"CVE":"CVE-2026-4457","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449409","bugzilla_description":"chromium-browser: Type Confusion in V8","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-843","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4457.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4460","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449412","bugzilla_description":"chromium-browser: Out of bounds read in Skia","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4460.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-4463","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449413","bugzilla_description":"chromium-browser: Heap buffer overflow in WebRTC","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4463.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4454","severity":"important","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449414","bugzilla_description":"chromium-browser: Use after free in Network","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4454.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-4441","severity":"critical","public_date":"2026-03-18T00:00:00Z","advisories":[],"bugzilla":"2449415","bugzilla_description":"chromium-browser: Use after free in Base","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4441.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-27978","severity":"moderate","public_date":"2026-03-17T23:59:22Z","advisories":[],"bugzilla":"2448513","bugzilla_description":"next.js: Next.js: null origin can bypass Server Actions CSRF checks","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27978.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","cvss3_score":"4.3"},{"CVE":"CVE-2026-27977","severity":"moderate","public_date":"2026-03-17T23:56:24Z","advisories":[],"bugzilla":"2448514","bugzilla_description":"next.js: Next.js: null origin can bypass dev HMR websocket CSRF checks","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-346","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27977.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N","cvss3_score":"4.2"},{"CVE":"CVE-2026-27459","severity":"important","public_date":"2026-03-17T23:34:28Z","advisories":[],"bugzilla":"2448503","bugzilla_description":"pyOpenSSL: DTLS cookie callback buffer overflow","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27459.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-27448","severity":"moderate","public_date":"2026-03-17T23:24:30Z","advisories":[],"bugzilla":"2448508","bugzilla_description":"pyOpenSSL: TLS connection bypass via unhandled callback exception in set_tlsext_servername_callback","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-636","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27448.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-4359","severity":"moderate","public_date":"2026-03-17T19:42:03Z","advisories":[],"bugzilla":"2448447","bugzilla_description":"mongo-c-driver: mongo-c-driver: Denial of Service via malformed HTTP response","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-170","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4359.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-32981","severity":"important","public_date":"2026-03-17T19:33:50Z","advisories":["RHSA-2026:5809","RHSA-2026:6762","RHSA-2026:6761"],"bugzilla":"2448440","bugzilla_description":"ray: Ray Dashboard Path Traversal Leading to Local File Disclosure","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":["rhaiis/model-opt-cuda-rhel9:sha256:950e0d72a64f8a7b6414be2d9ab01ba8342a900e3b4c272295a3d63ef0a6d22c","rhaiis/vllm-cuda-rhel9:sha256:bd371b1b8785b2f5799cbca4a12a1c66a1e8a37017334a79eaa1067b24b6a6ba","rhaiis/vllm-rocm-rhel9:sha256:3e9fbe1a078889d05d0291ef5cfba07924540609f8315c1c88d0f1a13eca5d45"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32981.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-32837","severity":"moderate","public_date":"2026-03-17T19:10:06Z","advisories":[],"bugzilla":"2448445","bugzilla_description":"miniaudio: miniaudio: Denial of Service via crafted WAV files due to heap out-of-bounds read","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-170","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32837.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-4324","severity":"moderate","public_date":"2026-03-17T13:18:00Z","advisories":["RHSA-2026:5968","RHSA-2026:5970"],"bugzilla":"2448349","bugzilla_description":"rubygem-katello: Katello: Denial of Service and potential information disclosure via SQL injection","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-89","affected_packages":["foreman-0:3.14.0.14-1.el9sat","rubygem-katello-0:4.16.0.14-1.el9sat","rubygem-fog-kubevirt-0:1.5.1-1.el9sat","python-pulp-container-0:2.22.3-1.el9pc","python-pulp-rpm-0:3.27.10-2.el9pc","python-django-0:4.2.28-0.1.el9pc","rubygem-rubyipmi-0:0.13.0-1.el9sat","satellite-0:6.17.7-1.el9sat","libcomps-0:0.1.23-0.3.el9pc","rubygem-katello-0:4.18.0.9-1.el9sat","python-brotli-0:1.2.0-0.1.el9pc","rubygem-foreman_kubevirt-0:0.4.3-1.el9sat","yggdrasil-worker-forwarder-0:0.0.3-4.el9sat"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4324.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L","cvss3_score":"5.4"},{"CVE":"CVE-2026-23241","severity":"moderate","public_date":"2026-03-17T00:00:00Z","advisories":[],"bugzilla":"2448335","bugzilla_description":"kernel: audit: add missing syscalls to read class","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-693","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23241.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"5.1"},{"CVE":"CVE-2025-71239","severity":"moderate","public_date":"2026-03-17T00:00:00Z","advisories":[],"bugzilla":"2448336","bugzilla_description":"kernel: audit: add fchmodat2() to change attributes class","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-693","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-71239.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"5.1"},{"CVE":"CVE-2026-4177","severity":"important","public_date":"2026-03-16T22:30:25Z","advisories":["RHSA-2026:6470"],"bugzilla":"2448277","bugzilla_description":"perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["perl-YAML-Syck-0:1.30-6.el8_10"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4177.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"7.3"},{"CVE":"CVE-2026-32829","severity":"important","public_date":"2026-03-16T20:48:08Z","advisories":[],"bugzilla":"2448271","bugzilla_description":"lz4_flex: lz4_flex's decompression can leak information from uninitialized memory or reused output buffer","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-823","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32829.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2025-69196","severity":"important","public_date":"2026-03-16T18:07:06Z","advisories":[],"bugzilla":"2448179","bugzilla_description":"fastmcp: FastMCP: Improper token issuance due to incorrect resource parameter handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1220","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69196.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"7.4"},{"CVE":"CVE-2026-28498","severity":"important","public_date":"2026-03-16T18:03:28Z","advisories":["RHSA-2026:6309","RHSA-2026:6404","RHSA-2026:6912","RHSA-2026:6720","RHSA-2026:6568","RHSA-2026:6567","RHSA-2026:6497"],"bugzilla":"2448182","bugzilla_description":"authlib: Authlib: Authentication bypass via forged OpenID Connect ID Tokens","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-325","affected_packages":["ansible-automation-platform-26/lightspeed-chatbot-rhel9:sha256:111c3fa869282760a7408db240e5fbddd74816fa5ffc12578c267427eae8eb96","quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b","quay/quay-rhel8:sha256:356815af5f87ce3a8e0ee8213bb9b5537b658f29338b51f63672c7e5d7a5a50b","quay/quay-rhel8:sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b","quay/quay-rhel9:sha256:0bc25ef16eabd14562b5c15b2f242558ace42865d416820420d669436d9d71ae","quay/quay-rhel9:sha256:5937639bb3bc4fd76c1dfa9d1550f8ab955a5d12b44794c076d127a5ba4d68a4"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28498.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"9.1"},{"CVE":"CVE-2026-4224","severity":"moderate","public_date":"2026-03-16T17:52:26Z","advisories":[],"bugzilla":"2448181","bugzilla_description":"cpython: Stack overflow parsing XML with deeply nested DTD content models","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4224.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-28490","severity":"moderate","public_date":"2026-03-16T17:37:57Z","advisories":[],"bugzilla":"2448162","bugzilla_description":"authlib: Authlib: Information disclosure due to cryptographic padding oracle in JWE RSA1_5","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-325","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28490.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-3644","severity":"moderate","public_date":"2026-03-16T17:37:31Z","advisories":[],"bugzilla":"2448168","bugzilla_description":"cpython: Incomplete control character validation in http.cookies","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-791","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3644.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"5.4"},{"CVE":"CVE-2026-27962","severity":"important","public_date":"2026-03-16T17:34:38Z","advisories":["RHSA-2026:4942","RHSA-2026:5665"],"bugzilla":"2448164","bugzilla_description":"authlib: Authlib: Authentication bypass due to JWK Header Injection vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":["quay/quay-rhel8:sha256:2f62df99c2b7697461a2865380344c90a6fb8aec7b279f8f2f6e0684b662d19f","quay/quay-rhel8:sha256:6e13793ca8f309ec0b69ae609b840ff0f41989d88cd4bba127e1b0040631367e"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27962.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"9.1"},{"CVE":"CVE-2026-32778","severity":"moderate","public_date":"2026-03-16T07:02:34Z","advisories":[],"bugzilla":"2447885","bugzilla_description":"libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32778.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.1"},{"CVE":"CVE-2026-32777","severity":"moderate","public_date":"2026-03-16T06:58:06Z","advisories":[],"bugzilla":"2447890","bugzilla_description":"libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32777.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"4.0"},{"CVE":"CVE-2026-32776","severity":"moderate","public_date":"2026-03-16T06:54:20Z","advisories":[],"bugzilla":"2447888","bugzilla_description":"libexpat: libexpat: Denial of Service due to NULL pointer dereference","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32776.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.2"},{"CVE":"CVE-2026-32775","severity":"moderate","public_date":"2026-03-16T06:31:36Z","advisories":[],"bugzilla":"2447881","bugzilla_description":"libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-191","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32775.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-4271","severity":"moderate","public_date":"2026-03-16T00:00:00Z","advisories":[],"bugzilla":"2448044","bugzilla_description":"libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-416","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4271.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2025-69693","severity":"moderate","public_date":"2026-03-16T00:00:00Z","advisories":[],"bugzilla":"2448195","bugzilla_description":"FFmpeg: out-of-bounds read in RV60 video decoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69693.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2025-68971","severity":"moderate","public_date":"2026-03-16T00:00:00Z","advisories":[],"bugzilla":"2448387","bugzilla_description":"forgejo: Forgejo: Denial of Service via large file attachment upload","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68971.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-4174","severity":"moderate","public_date":"2026-03-15T10:32:10Z","advisories":[],"bugzilla":"2447696","bugzilla_description":"Radare2: Radare2: Local resource consumption via Mach-O File Parser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1050","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4174.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2025-14287","severity":"important","public_date":"2026-03-15T09:27:36Z","advisories":[],"bugzilla":"2447690","bugzilla_description":"mlflow: MLflow: Arbitrary command execution via unsanitized container image names","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-78","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14287.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2025-54920","severity":"moderate","public_date":"2026-03-14T09:01:50Z","advisories":[],"bugzilla":"2447599","bugzilla_description":"org.apache.spark/spark-core: Apache Spark: Spark History Server Code Execution Vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54920.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L","cvss3_score":"6.7"},{"CVE":"CVE-2026-32640","severity":"important","public_date":"2026-03-13T21:03:53Z","advisories":[],"bugzilla":"2447529","bugzilla_description":"simpleeval: SimpleEval: Arbitrary code execution via sandbox escape due to improper object handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-915","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32640.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-32635","severity":"moderate","public_date":"2026-03-13T20:58:12Z","advisories":[],"bugzilla":"2447515","bugzilla_description":"@angular/core: @angular/compiler: Angular has XSS in i18n attribute bindings","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-79","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32635.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","cvss3_score":"6.3"},{"CVE":"CVE-2026-32630","severity":"moderate","public_date":"2026-03-13T20:54:16Z","advisories":[],"bugzilla":"2447514","bugzilla_description":"file-type: file-type: Denial of Service via excessive memory growth from crafted ZIP files","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-409","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32630.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-3084","severity":"important","public_date":"2026-03-13T20:42:03Z","advisories":[],"bugzilla":"2447483","bugzilla_description":"GStreamer: GStreamer: Remote Code Execution via integer underflow in H.266 Codec Parser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-191","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3084.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-2921","severity":"important","public_date":"2026-03-13T20:41:50Z","advisories":["RHSA-2026:6259","RHSA-2026:6300","RHSA-2026:6750"],"bugzilla":"2447496","bugzilla_description":"GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":["gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_7","gstreamer1-plugins-base-0:1.22.12-5.el9_7","gstreamer1-plugins-base-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.24.11-3.el10_1","gstreamer1-plugins-bad-free-0:1.22.12-5.el9_7","gstreamer1-plugins-good-0:1.24.11-2.el10_1","gstreamer1-plugins-good-0:1.16.1-6.el8_10","gstreamer1-plugins-ugly-free-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.16.1-6.el8_10","gstreamer1-plugins-base-0:1.16.1-6.el8_10","gstreamer1-plugins-good-0:1.22.12-5.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2921.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-3083","severity":"important","public_date":"2026-03-13T20:41:31Z","advisories":["RHSA-2026:6259","RHSA-2026:6300","RHSA-2026:6750"],"bugzilla":"2447498","bugzilla_description":"GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_7","gstreamer1-plugins-base-0:1.22.12-5.el9_7","gstreamer1-plugins-base-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.24.11-3.el10_1","gstreamer1-plugins-bad-free-0:1.22.12-5.el9_7","gstreamer1-plugins-good-0:1.24.11-2.el10_1","gstreamer1-plugins-good-0:1.16.1-6.el8_10","gstreamer1-plugins-ugly-free-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.16.1-6.el8_10","gstreamer1-plugins-base-0:1.16.1-6.el8_10","gstreamer1-plugins-good-0:1.22.12-5.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3083.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3086","severity":"important","public_date":"2026-03-13T20:40:12Z","advisories":[],"bugzilla":"2447493","bugzilla_description":"GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in H.266 Codec Parser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3086.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-3085","severity":"important","public_date":"2026-03-13T20:40:02Z","advisories":["RHSA-2026:6259","RHSA-2026:6300","RHSA-2026:6750"],"bugzilla":"2447495","bugzilla_description":"GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1284","affected_packages":["gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_7","gstreamer1-plugins-base-0:1.22.12-5.el9_7","gstreamer1-plugins-base-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.24.11-3.el10_1","gstreamer1-plugins-bad-free-0:1.22.12-5.el9_7","gstreamer1-plugins-good-0:1.24.11-2.el10_1","gstreamer1-plugins-good-0:1.16.1-6.el8_10","gstreamer1-plugins-ugly-free-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.16.1-6.el8_10","gstreamer1-plugins-base-0:1.16.1-6.el8_10","gstreamer1-plugins-good-0:1.22.12-5.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3085.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3082","severity":"important","public_date":"2026-03-13T20:39:33Z","advisories":["RHSA-2026:6259","RHSA-2026:6300","RHSA-2026:6750"],"bugzilla":"2447492","bugzilla_description":"GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_7","gstreamer1-plugins-base-0:1.22.12-5.el9_7","gstreamer1-plugins-base-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.24.11-3.el10_1","gstreamer1-plugins-bad-free-0:1.22.12-5.el9_7","gstreamer1-plugins-good-0:1.24.11-2.el10_1","gstreamer1-plugins-good-0:1.16.1-6.el8_10","gstreamer1-plugins-ugly-free-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.16.1-6.el8_10","gstreamer1-plugins-base-0:1.16.1-6.el8_10","gstreamer1-plugins-good-0:1.22.12-5.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3082.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-3081","severity":"important","public_date":"2026-03-13T20:39:20Z","advisories":[],"bugzilla":"2447494","bugzilla_description":"GStreamer: GStreamer: Arbitrary code execution via H.266 codec parsing stack-based buffer overflow","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3081.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-2923","severity":"important","public_date":"2026-03-13T20:39:01Z","advisories":["RHSA-2026:6259","RHSA-2026:6300","RHSA-2026:6750"],"bugzilla":"2447503","bugzilla_description":"GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_7","gstreamer1-plugins-base-0:1.22.12-5.el9_7","gstreamer1-plugins-base-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.24.11-3.el10_1","gstreamer1-plugins-bad-free-0:1.22.12-5.el9_7","gstreamer1-plugins-good-0:1.24.11-2.el10_1","gstreamer1-plugins-good-0:1.16.1-6.el8_10","gstreamer1-plugins-ugly-free-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.16.1-6.el8_10","gstreamer1-plugins-base-0:1.16.1-6.el8_10","gstreamer1-plugins-good-0:1.22.12-5.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2923.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-2922","severity":"important","public_date":"2026-03-13T20:38:49Z","advisories":["RHSA-2026:6259","RHSA-2026:6300"],"bugzilla":"2447500","bugzilla_description":"GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":["gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_7","gstreamer1-plugins-base-0:1.22.12-5.el9_7","gstreamer1-plugins-base-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.24.11-3.el10_1","gstreamer1-plugins-bad-free-0:1.22.12-5.el9_7","gstreamer1-plugins-good-0:1.24.11-2.el10_1","gstreamer1-plugins-ugly-free-0:1.24.11-2.el10_1","gstreamer1-plugins-good-0:1.22.12-5.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2922.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-2920","severity":"important","public_date":"2026-03-13T20:38:27Z","advisories":["RHSA-2026:6259","RHSA-2026:6300","RHSA-2026:6750"],"bugzilla":"2447490","bugzilla_description":"GStreamer: GStreamer: Arbitrary code execution via ASF file processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":["gstreamer1-plugins-ugly-free-0:1.22.12-4.el9_7","gstreamer1-plugins-base-0:1.22.12-5.el9_7","gstreamer1-plugins-base-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.24.11-3.el10_1","gstreamer1-plugins-bad-free-0:1.22.12-5.el9_7","gstreamer1-plugins-good-0:1.24.11-2.el10_1","gstreamer1-plugins-good-0:1.16.1-6.el8_10","gstreamer1-plugins-ugly-free-0:1.24.11-2.el10_1","gstreamer1-plugins-bad-free-0:1.16.1-6.el8_10","gstreamer1-plugins-base-0:1.16.1-6.el8_10","gstreamer1-plugins-good-0:1.22.12-5.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2920.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-31899","severity":"important","public_date":"2026-03-13T19:38:43Z","advisories":[],"bugzilla":"2447447","bugzilla_description":"CairoSVG: CairoSVG: Denial of Service via recursive <use> element amplification","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-776","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31899.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-30853","severity":"moderate","public_date":"2026-03-13T19:00:09Z","advisories":[],"bugzilla":"2447437","bugzilla_description":"calibre: Calibre: Arbitrary file write via crafted RocketBook (.rb) file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30853.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L","cvss3_score":"5.0"},{"CVE":"CVE-2026-31897","severity":"low","public_date":"2026-03-13T17:42:11Z","advisories":[],"bugzilla":"2447380","bugzilla_description":"freerdp: FreeRDP has an out-of-bounds read in `freerdp_bitmap_decompress_planar`","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31897.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"3.1"},{"CVE":"CVE-2026-31806","severity":"important","public_date":"2026-03-13T17:40:19Z","advisories":["RHSA-2026:6958","RHSA-2026:6727","RHSA-2026:6340","RHSA-2026:6799","RHSA-2026:6743","RHSA-2026:6918"],"bugzilla":"2447376","bugzilla_description":"freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":["freerdp-2:2.11.7-1.el9_6.7","freerdp-2:2.11.7-1.el9_7.5","freerdp-2:2.11.2-1.el9_4.5","freerdp-2:3.10.3-5.el10_1.5","freerdp-2:2.11.7-6.el8_10","freerdp-2:3.10.3-3.el10_0.5"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31806.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-31885","severity":"moderate","public_date":"2026-03-13T17:38:23Z","advisories":[],"bugzilla":"2447383","bugzilla_description":"freerdp: FreeRDP has an out-of-bounds read in ADPCM decoders due to missing predictor/step_index bounds checks","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31885.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-31884","severity":"moderate","public_date":"2026-03-13T17:36:57Z","advisories":[],"bugzilla":"2447385","bugzilla_description":"freerdp: FreeRDP has a division-by-zero in ADPCM decoders when `nBlockAlign` is 0","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-369","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31884.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-31883","severity":"moderate","public_date":"2026-03-13T17:35:17Z","advisories":[],"bugzilla":"2447386","bugzilla_description":"freerdp: FreeRDP: Denial of Service via crafted audio data in RDP","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-191","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31883.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"7.3"},{"CVE":"CVE-2026-29776","severity":"low","public_date":"2026-03-13T17:33:10Z","advisories":[],"bugzilla":"2447381","bugzilla_description":"freerdp: FreeRDP has an Integer Underflow in update_read_cache_bitmap_order Function of FreeRDP's Core Library","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29776.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"3.1"},{"CVE":"CVE-2026-29775","severity":"moderate","public_date":"2026-03-13T17:28:39Z","advisories":[],"bugzilla":"2447379","bugzilla_description":"freerdp: FreeRDP has a heap-buffer-overflow in bitmap_cache_put via OOB cacheId","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29775.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-29774","severity":"moderate","public_date":"2026-03-13T17:26:58Z","advisories":[],"bugzilla":"2447382","bugzilla_description":"freerdp: FreeRDP has a heap-buffer-overflow in avc420_yuv_to_rgb via OOB regionRects","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29774.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-2673","severity":"low","public_date":"2026-03-13T13:23:00Z","advisories":[],"bugzilla":"2447327","bugzilla_description":"openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-325","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2673.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","cvss3_score":"3.1"},{"CVE":"CVE-2025-57849","severity":"moderate","public_date":"2026-03-13T02:52:00Z","advisories":[],"bugzilla":"2391100","bugzilla_description":"fuse: privilege escalation via excessive /etc/passwd permissions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-276","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-57849.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2025-8766","severity":"important","public_date":"2026-03-13T02:37:00Z","advisories":[],"bugzilla":"2387265","bugzilla_description":"noobaa-core: Excessive permissions of /etc could lead to escalation of privilege in the noobaa-core container","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-276","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-8766.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"6.4"},{"CVE":"CVE-2026-3312","severity":"moderate","public_date":"2026-03-13T00:00:00Z","advisories":[],"bugzilla":"2443259","bugzilla_description":"pagure: Pagure: Information disclosure via unrestricted reStructuredText include directive","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3312.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"7.7"},{"CVE":"CVE-2026-4105","severity":"moderate","public_date":"2026-03-13T00:00:00Z","advisories":[],"bugzilla":"2447262","bugzilla_description":"systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-284","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4105.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"6.7"},{"CVE":"CVE-2026-32597","severity":"important","public_date":"2026-03-12T21:41:50Z","advisories":["RHSA-2026:6926","RHSA-2026:6912","RHSA-2026:6720","RHSA-2026:6568"],"bugzilla":"2447194","bugzilla_description":"pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-347","affected_packages":["quay/quay-rhel8:sha256:8acebb6bd51def60517b03f92103cecfadfc8e7fce42e4a002cb9c9271915b6b","quay/quay-rhel8:sha256:08299d2ffb70a6b3f892ca732f97961a10a72cb4d4c123f10e81633f5c1c69ea","quay/quay-rhel8:sha256:356815af5f87ce3a8e0ee8213bb9b5537b658f29338b51f63672c7e5d7a5a50b","quay/quay-rhel8:sha256:a0b2026075e946fc046a6be46170a902051230d147061868209d559abd71981b"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32597.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-32304","severity":"important","public_date":"2026-03-12T21:24:51Z","advisories":[],"bugzilla":"2447200","bugzilla_description":"locutusjs: Locutus: Arbitrary code execution via unsanitized parameters in create_function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-88","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32304.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-2229","severity":"important","public_date":"2026-03-12T20:27:05Z","advisories":["RHSA-2026:7080","RHSA-2026:7123","RHSA-2026:5807"],"bugzilla":"2447143","bugzilla_description":"undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-248","affected_packages":["rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018","nodejs22-1:22.22.2-1.el10_1","nodejs:22-8100020260331102257.6d880403"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2229.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-1528","severity":"important","public_date":"2026-03-12T20:21:57Z","advisories":["RHSA-2026:7080","RHSA-2026:7123","RHSA-2026:5807"],"bugzilla":"2447145","bugzilla_description":"undici: undici: Denial of Service via crafted WebSocket frame with large length","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-248","affected_packages":["rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018","nodejs22-1:22.22.2-1.el10_1","nodejs:22-8100020260331102257.6d880403"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1528.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-1527","severity":"moderate","public_date":"2026-03-12T20:17:18Z","advisories":[],"bugzilla":"2447141","bugzilla_description":"undici: Undici: HTTP header injection and request smuggling vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-93","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1527.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L","cvss3_score":"6.5"},{"CVE":"CVE-2026-2581","severity":"moderate","public_date":"2026-03-12T20:13:19Z","advisories":[],"bugzilla":"2447140","bugzilla_description":"undici: Undici: Denial of Service due to uncontrolled resource consumption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2581.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-1526","severity":"important","public_date":"2026-03-12T20:08:05Z","advisories":["RHSA-2026:7080","RHSA-2026:7123","RHSA-2026:5807"],"bugzilla":"2447142","bugzilla_description":"undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":["rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018","nodejs22-1:22.22.2-1.el10_1","nodejs:22-8100020260331102257.6d880403"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1526.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-1525","severity":"moderate","public_date":"2026-03-12T19:56:55Z","advisories":["RHSA-2026:7080","RHSA-2026:7123"],"bugzilla":"2447144","bugzilla_description":"undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-444","affected_packages":["nodejs22-1:22.22.2-1.el10_1","nodejs:22-8100020260331102257.6d880403"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1525.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"7.3"},{"CVE":"CVE-2026-32274","severity":"important","public_date":"2026-03-12T19:47:07Z","advisories":[],"bugzilla":"2447111","bugzilla_description":"black: Black: Arbitrary file writes from unsanitized user input in cache file name","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32274.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-32259","severity":"moderate","public_date":"2026-03-12T19:38:12Z","advisories":[],"bugzilla":"2447112","bugzilla_description":"ImageMagick: stack-based buffer overflow in sixel encoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-121","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32259.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H","cvss3_score":"5.3"},{"CVE":"CVE-2026-32240","severity":"moderate","public_date":"2026-03-12T19:35:57Z","advisories":[],"bugzilla":"2447117","bugzilla_description":"capnproto: Cap'n Proto: Integer overflow in KJ-HTTP chunk size","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32240.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-32239","severity":"moderate","public_date":"2026-03-12T19:33:25Z","advisories":[],"bugzilla":"2447106","bugzilla_description":"capnproto: Cap'n Proto has an integer overflow in KJ-HTTP","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-681","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32239.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.8"},{"CVE":"CVE-2026-32249","severity":"low","public_date":"2026-03-12T19:17:23Z","advisories":[],"bugzilla":"2447110","bugzilla_description":"vim: NFA regex engine NULL pointer dereference","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-476","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32249.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-32237","severity":"moderate","public_date":"2026-03-12T18:38:57Z","advisories":[],"bugzilla":"2447080","bugzilla_description":"@backstage/plugin-scaffolder-backend: @backstage/plugin-scaffolder-backend: Possible exposure of defaultEnvironment secrets using dry-run endpoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-497","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32237.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"4.4"},{"CVE":"CVE-2026-32236","severity":null,"public_date":"2026-03-12T18:37:11Z","advisories":[],"bugzilla":"2447090","bugzilla_description":"@backstage/plugin-auth-backend: @backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-918","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32236.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N"},{"CVE":"CVE-2026-32235","severity":"moderate","public_date":"2026-03-12T18:35:06Z","advisories":[],"bugzilla":"2447075","bugzilla_description":"@backstage/plugin-auth-backend: @backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-601","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32235.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N","cvss3_score":"5.9"},{"CVE":"CVE-2026-3497","severity":"important","public_date":"2026-03-12T18:27:44Z","advisories":["RHSA-2026:6461","RHSA-2026:7107","RHSA-2026:6463","RHSA-2026:6462"],"bugzilla":"2447085","bugzilla_description":"openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":["openssh-0:9.9p1-13.el10_1","openssh-0:8.7p1-48.el9_7","openssh-0:8.0p1-28.el8_10","openssh-0:9.9p1-7.el10_0.2"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3497.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H","cvss3_score":"8.2"},{"CVE":"CVE-2026-32141","severity":"important","public_date":"2026-03-12T18:08:09Z","advisories":["RHSA-2026:5807"],"bugzilla":"2447083","bugzilla_description":"flatted: flatted: Unbounded recursion DoS in parse() revive phase","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":["rhoai/odh-dashboard-rhel8:sha256:022c21f044dead0ff28bfc5fb5fb2fd51f3ed8e1a6cfc90bd18222abf0388018"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32141.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-28356","severity":"important","public_date":"2026-03-12T16:45:01Z","advisories":["RHSA-2026:5809","RHSA-2026:6762","RHSA-2026:6761"],"bugzilla":"2447059","bugzilla_description":"multipart: denial of service via maliciously crafted HTTP or multipart segment headers","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":["rhaiis/model-opt-cuda-rhel9:sha256:950e0d72a64f8a7b6414be2d9ab01ba8342a900e3b4c272295a3d63ef0a6d22c","rhaiis/vllm-cuda-rhel9:sha256:bd371b1b8785b2f5799cbca4a12a1c66a1e8a37017334a79eaa1067b24b6a6ba","rhaiis/vllm-rocm-rhel9:sha256:3e9fbe1a078889d05d0291ef5cfba07924540609f8315c1c88d0f1a13eca5d45"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28356.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2025-70873","severity":"low","public_date":"2026-03-12T00:00:00Z","advisories":[],"bugzilla":"2447086","bugzilla_description":"sqlite: SQLite: Information Disclosure via Crafted ZIP File","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-908","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-70873.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N","cvss3_score":"3.3"},{"CVE":"CVE-2026-3909","severity":"important","public_date":"2026-03-12T00:00:00Z","advisories":[],"bugzilla":"2447195","bugzilla_description":"chromium-browser: Out of bounds write in Skia","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3909.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3910","severity":"important","public_date":"2026-03-12T00:00:00Z","advisories":[],"bugzilla":"2447199","bugzilla_description":"chromium-browser: Inappropriate implementation in V8","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3910.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-2808","severity":"moderate","public_date":"2026-03-11T23:08:32Z","advisories":[],"bugzilla":"2446879","bugzilla_description":"github.com/hashicorp/consul: HashiCorp Consul: Arbitrary file read via Kubernetes authentication configuration","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-59","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2808.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-31958","severity":"moderate","public_date":"2026-03-11T19:27:23Z","advisories":[],"bugzilla":"2446765","bugzilla_description":"tornado-python: Tornado: Denial of Service via large multipart bodies","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31958.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-3950","severity":"low","public_date":"2026-03-11T19:02:08Z","advisories":[],"bugzilla":"2446751","bugzilla_description":"libheif: libheif: Denial of Service via out-of-bounds read in Track::load function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3950.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-3949","severity":"low","public_date":"2026-03-11T18:32:09Z","advisories":[],"bugzilla":"2446725","bugzilla_description":"libheif: libheif: Out-of-bounds read via local argument manipulation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-805","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3949.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2026-31870","severity":"important","public_date":"2026-03-11T17:57:49Z","advisories":[],"bugzilla":"2446713","bugzilla_description":"cpp-httplib: cpp-httplib: Denial of Service via malformed Content-Length header","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1287","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31870.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-30226","severity":"moderate","public_date":"2026-03-11T17:47:40Z","advisories":[],"bugzilla":"2446675","bugzilla_description":"devalue: Devalue: Denial of Service or type confusion via prototype pollution","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-843","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30226.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-31853","severity":"moderate","public_date":"2026-03-11T17:09:46Z","advisories":[],"bugzilla":"2446690","bugzilla_description":"imagemagick: ImageMagick: Denial of Service via overflow in SFW decoder when processing large images on 32-bit systems","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-122","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31853.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-1471","severity":"low","public_date":"2026-03-11T16:30:24Z","advisories":[],"bugzilla":"2446566","bugzilla_description":"neo4j: Neo4j: Authentication context inheritance via excessive caching in SSO UserInfo endpoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-488","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1471.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"4.2"},{"CVE":"CVE-2026-29777","severity":"moderate","public_date":"2026-03-11T15:54:17Z","advisories":[],"bugzilla":"2446584","bugzilla_description":"github.com/traefik/traefik: Traefik: Traffic redirection and hostname bypass via unsanitized input in router rules","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-94","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29777.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-31892","severity":"important","public_date":"2026-03-11T15:41:14Z","advisories":[],"bugzilla":"2446551","bugzilla_description":"github.com/argoproj/argo-workflows: Argo Workflows: Security bypass allows privilege escalation via podSpecPatch field","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-807","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31892.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","cvss3_score":"9.9"},{"CVE":"CVE-2026-28229","severity":"important","public_date":"2026-03-11T15:37:47Z","advisories":[],"bugzilla":"2446549","bugzilla_description":"argo-workflows: Argo Workflows has unauthorized access to Argo Workflows Template","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-306","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28229.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-3904","severity":"moderate","public_date":"2026-03-11T13:19:09Z","advisories":[],"bugzilla":"2446533","bugzilla_description":"glibc: nscd client crash on x86_64 under high nscd load","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-366","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3904.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"},{"CVE":"CVE-2026-3805","severity":"moderate","public_date":"2026-03-11T10:09:37Z","advisories":[],"bugzilla":"2446451","bugzilla_description":"curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3805.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L","cvss3_score":"6.3"},{"CVE":"CVE-2026-3784","severity":"moderate","public_date":"2026-03-11T10:09:21Z","advisories":[],"bugzilla":"2446449","bugzilla_description":"curl: curl: Unauthorized access due to improper HTTP proxy connection reuse","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-305","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3783","severity":"moderate","public_date":"2026-03-11T10:09:08Z","advisories":[],"bugzilla":"2446450","bugzilla_description":"curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-201","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"5.7"},{"CVE":"CVE-2026-1965","severity":"moderate","public_date":"2026-03-11T10:08:52Z","advisories":[],"bugzilla":"2446448","bugzilla_description":"curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-303","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"6.8"},{"CVE":"CVE-2026-3911","severity":"low","public_date":"2026-03-11T03:30:00Z","advisories":["RHSA-2026:6478","RHSA-2026:6477"],"bugzilla":"2446392","bugzilla_description":"org.keycloak.services.resources.admin.UserResource: Keycloak: Information disclosure of disabled user attributes via administrative endpoint","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-359","affected_packages":["rhbk/keycloak-operator-bundle:26.4.11-1","rhbk/keycloak-rhel9","rhbk/keycloak-rhel9-operator:26.4-14","rhbk/keycloak-rhel9:26.4-14"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3911.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"2.7"},{"CVE":"CVE-2026-4111","severity":"important","public_date":"2026-03-11T00:00:00Z","advisories":["RHSA-2026:5063","RHSA-2026:7093","RHSA-2026:6647","RHSA-2026:5080","RHSA-2026:7105","RHSA-2026:7106"],"bugzilla":"2446453","bugzilla_description":"libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":["libarchive-0:3.5.3-2.el9_0.3","libarchive-0:3.5.3-4.el9_4.2","libarchive-0:3.5.3-5.el9_2.1","libarchive-0:3.7.7-5.el10_1","libarchive-0:3.5.3-7.el9_7","libarchive-0:3.5.3-6.el9_6.1"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4111.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-31838","severity":"moderate","public_date":"2026-03-10T21:58:53Z","advisories":[],"bugzilla":"2446342","bugzilla_description":"istio: Istio: Authorization policy bypass via Envoy RBAC header matching with multiple header values","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-551","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31838.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","cvss3_score":"5.3"},{"CVE":"CVE-2026-31837","severity":"important","public_date":"2026-03-10T21:57:44Z","advisories":["RHSA-2026:5948","RHSA-2026:5950","RHSA-2026:5952"],"bugzilla":"2446344","bugzilla_description":"istio: Istio: Information disclosure and authentication bypass via JWKS resolver unavailability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1392","affected_packages":["openshift-service-mesh/istio-pilot-rhel9:sha256:620f6be30fde3c8a5416f94405f520902f47989d431904963c308885d59d0e42","openshift-service-mesh/istio-pilot-rhel9:sha256:5396940a090c47c710fae9ccd2539dd2b7a62f3a0e43251f881d7307720b09fd","openshift-service-mesh/istio-proxyv2-rhel9:sha256:3f0bff703e601453f75c7eb46da31400a25267bd748aa7337ed9bcc30fc552e6","openshift-service-mesh/istio-proxyv2-rhel9:sha256:473c10e26272fee90233bb95c1c434f45c4fce2170ee99ff674c2d56642c2ef4","openshift-service-mesh/istio-pilot-rhel9:sha256:037536592c20bc7a10063a371a845a1805dd2bb59bd04ef65cff985fdb77724f","openshift-service-mesh/istio-proxyv2-rhel9:sha256:209714ace1c29c3b3c55f2dd5f15c988c7b942df623902dd2a49948d28d6a1e4"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31837.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-31826","severity":"moderate","public_date":"2026-03-10T21:36:52Z","advisories":[],"bugzilla":"2446336","bugzilla_description":"pypdf: pypdf: Denial of Service due to excessive memory consumption via crafted PDF","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31826.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-31812","severity":"important","public_date":"2026-03-10T21:04:36Z","advisories":["RHSA-2026:5459"],"bugzilla":"2446330","bugzilla_description":"quinn-proto: quinn-proto: Denial of Service via crafted QUIC Initial packet","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-248","affected_packages":["rhtas/tuffer-rhel9:sha256:f30c3610c1c840ea8edb99c2679edb09768c45012979da1389605c6a54204292","rhtas/tuftool-rhel9:sha256:cc2676a9d70599503faf8ca413e7bbc29cd523782a3d1e81bfc8f9e6323b4a28"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31812.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-31808","severity":"moderate","public_date":"2026-03-10T21:01:55Z","advisories":[],"bugzilla":"2446309","bugzilla_description":"file-type: file-type: Denial of Service due to infinite loop in ASF file parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31808.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-30951","severity":"important","public_date":"2026-03-10T20:22:46Z","advisories":[],"bugzilla":"2446250","bugzilla_description":"sequelize: Sequelize: Data exfiltration via SQL injection in JSON/JSONB where clause processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-89","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30951.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-23868","severity":"important","public_date":"2026-03-10T18:53:25Z","advisories":[],"bugzilla":"2446207","bugzilla_description":"giflib: Giflib: Double-free vulnerability leading to memory corruption","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23868.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"7.0"},{"CVE":"CVE-2026-28292","severity":"important","public_date":"2026-03-10T18:34:21Z","advisories":[],"bugzilla":"2446162","bugzilla_description":"simple-git: simple-git: Remote Code Execution via bypass of prior security fixes","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-76","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28292.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-26130","severity":"important","public_date":"2026-03-10T17:05:22Z","advisories":["RHSA-2026:4458","RHSA-2026:4453","RHSA-2026:4443","RHSA-2026:4454","RHSA-2026:4455","RHSA-2026:4445","RHSA-2026:4456","RHSA-2026:4450","RHSA-2026:4451"],"bugzilla":"2446134","bugzilla_description":"asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-770","affected_packages":["dotnet8.0-0:8.0.125-1.el10_1","dotnet8.0-0:8.0.125-1.el9_7","dotnet9.0-0:9.0.115-1.el10_1","dotnet9.0-0:9.0.115-1.el9_7","dotnet10.0-0:10.0.104-1.el10_1","dotnet9.0-0:9.0.115-1.el8_10","dotnet8.0-0:8.0.125-1.el8_10","dotnet10.0-0:10.0.104-1.el8_10","dotnet10.0-0:10.0.104-1.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26130.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-26127","severity":"moderate","public_date":"2026-03-10T17:05:10Z","advisories":["RHSA-2026:4458","RHSA-2026:4453","RHSA-2026:4443","RHSA-2026:4445","RHSA-2026:4456","RHSA-2026:4450"],"bugzilla":"2446098","bugzilla_description":".net: .NET: Denial of Service via out-of-bounds read","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":["dotnet9.0-0:9.0.115-1.el10_1","dotnet9.0-0:9.0.115-1.el9_7","dotnet10.0-0:10.0.104-1.el10_1","dotnet9.0-0:9.0.115-1.el8_10","dotnet10.0-0:10.0.104-1.el8_10","dotnet10.0-0:10.0.104-1.el9_7"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26127.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-26131","severity":"moderate","public_date":"2026-03-10T17:05:09Z","advisories":[],"bugzilla":"2446069","bugzilla_description":"dotnet: .NET: Privilege escalation via incorrect default permissions","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-276","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26131.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"7.8"},{"CVE":"CVE-2026-30942","severity":"important","public_date":"2026-03-10T16:44:10Z","advisories":[],"bugzilla":"2446087","bugzilla_description":"flare: Flare: Information disclosure via authenticated path traversal","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30942.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-2742","severity":"moderate","public_date":"2026-03-10T12:08:48Z","advisories":[],"bugzilla":"2446005","bugzilla_description":"com.vaadin/flow-server: Vaadin flow-server: Authentication bypass due to inconsistent path matching allows unauthorized session creation.","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-551","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2742.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"6.3"},{"CVE":"CVE-2026-2741","severity":"low","public_date":"2026-03-10T12:08:30Z","advisories":[],"bugzilla":"2446008","bugzilla_description":"Vaadin-Flow: Vaadin: Arbitrary file write via path traversal during Node.js download","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2741.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:L","cvss3_score":"2.6"},{"CVE":"CVE-2026-23907","severity":"moderate","public_date":"2026-03-10T09:43:40Z","advisories":[],"bugzilla":"2445994","bugzilla_description":"org.apache.pdfbox:pdfbox-examples: Apache PDFBox Example: Path Traversal via specially crafted filenames allows arbitrary file write","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23907.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-23239","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446109","bugzilla_description":"kernel: Kernel: Race condition in espintcp can lead to denial of service","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-366","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23239.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","cvss3_score":"5.8"},{"CVE":"CVE-2026-23240","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446139","bugzilla_description":"kernel: Linux kernel: Denial of service due to a race condition in the TLS subsystem","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-366","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-23240.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","cvss3_score":"5.8"},{"CVE":"CVE-2026-3918","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446844","bugzilla_description":"chromium-browser: Use after free in WebMCP","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3918.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3921","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446845","bugzilla_description":"chromium-browser: Use after free in TextEncoding","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3921.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3913","severity":"critical","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446846","bugzilla_description":"chromium-browser: Heap buffer overflow in WebML","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3913.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","cvss3_score":"9.6"},{"CVE":"CVE-2026-3923","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446847","bugzilla_description":"chromium-browser: Use after free in WebMIDI","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3923.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3914","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446848","bugzilla_description":"chromium-browser: Integer overflow in WebML","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3914.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3938","severity":"low","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446849","bugzilla_description":"chromium-browser: Insufficient policy enforcement in Clipboard","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3938.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"4.3"},{"CVE":"CVE-2026-3934","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446850","bugzilla_description":"chromium-browser: Insufficient policy enforcement in ChromeDriver","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3934.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3942","severity":"low","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446852","bugzilla_description":"chromium-browser: Incorrect security UI in PictureInPicture","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3942.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"4.3"},{"CVE":"CVE-2026-3919","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446853","bugzilla_description":"chromium-browser: Use after free in Extensions","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3919.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3916","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446854","bugzilla_description":"chromium-browser: Out of bounds read in Web Speech","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3916.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3915","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446856","bugzilla_description":"chromium-browser: Heap buffer overflow in WebML","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3915.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3927","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446857","bugzilla_description":"chromium-browser: Incorrect security UI in PictureInPicture","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3927.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3926","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446859","bugzilla_description":"chromium-browser: Out of bounds read in V8","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3926.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3940","severity":"low","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446860","bugzilla_description":"chromium-browser: Insufficient policy enforcement in DevTools","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3940.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"4.3"},{"CVE":"CVE-2026-3917","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446861","bugzilla_description":"chromium-browser: Use after free in Agents","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3917.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3941","severity":"low","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446863","bugzilla_description":"chromium-browser: Insufficient policy enforcement in DevTools","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3941.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"4.3"},{"CVE":"CVE-2026-3920","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446864","bugzilla_description":"chromium-browser: Out of bounds memory access in WebML","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3920.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3928","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446865","bugzilla_description":"chromium-browser: Insufficient policy enforcement in Extensions","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3928.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3922","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446866","bugzilla_description":"chromium-browser: Use after free in MediaStream","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3922.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3931","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446868","bugzilla_description":"chromium-browser: Heap buffer overflow in Skia","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3931.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3929","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446870","bugzilla_description":"chromium-browser: Side-channel information leakage in ResourceTiming","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3929.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3924","severity":"important","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446871","bugzilla_description":"chromium-browser: Use after free in WindowDialog","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3924.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","cvss3_score":"8.8"},{"CVE":"CVE-2026-3935","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446872","bugzilla_description":"chromium-browser: Incorrect security UI in WebAppInstalls","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3935.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-3939","severity":"low","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2446873","bugzilla_description":"chromium-browser: Insufficient policy enforcement in PDF","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3939.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"4.3"},{"CVE":"CVE-2026-3930","severity":"moderate","public_date":"2026-03-10T00:00:00Z","advisories":[],"bugzilla":"2447256","bugzilla_description":"chromium-browser: Unsafe navigation in Navigation","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3930.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","cvss3_score":"6.5"},{"CVE":"CVE-2026-30937","severity":"moderate","public_date":"2026-03-09T21:50:15Z","advisories":[],"bugzilla":"2445882","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service via integer overflow in XWD encoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30937.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","cvss3_score":"6.8"},{"CVE":"CVE-2026-30936","severity":"moderate","public_date":"2026-03-09T21:49:36Z","advisories":[],"bugzilla":"2445880","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service via crafted image processing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-787","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30936.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-30935","severity":"moderate","public_date":"2026-03-09T21:48:47Z","advisories":[],"bugzilla":"2445899","bugzilla_description":"ImageMagick: heap-based buffer over-read in BilateralBlurImage","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30935.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-30931","severity":"moderate","public_date":"2026-03-09T21:47:48Z","advisories":[],"bugzilla":"2445900","bugzilla_description":"ImageMagick: ImageMagick: Heap-based buffer overflow leading to out-of-bounds write","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30931.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","cvss3_score":"6.8"},{"CVE":"CVE-2026-30929","severity":"moderate","public_date":"2026-03-09T21:46:31Z","advisories":[],"bugzilla":"2445896","bugzilla_description":"ImageMagick: stack-based buffer overflow in MagnifyImage","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-121","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30929.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","cvss3_score":"6.1"},{"CVE":"CVE-2026-30883","severity":"moderate","public_date":"2026-03-09T21:45:55Z","advisories":[],"bugzilla":"2445878","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service due to heap overflow when processing large image profiles","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-30883.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","cvss3_score":"5.7"},{"CVE":"CVE-2026-28693","severity":"important","public_date":"2026-03-09T21:42:28Z","advisories":["RHSA-2026:6713"],"bugzilla":"2445888","bugzilla_description":"ImageMagick: ImageMagick: Out-of-bounds read or write due to integer overflow in DIB coder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":["ImageMagick-0:6.9.10.68-15.el7_9"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28693.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","cvss3_score":"8.1"},{"CVE":"CVE-2026-28692","severity":"moderate","public_date":"2026-03-09T21:41:39Z","advisories":[],"bugzilla":"2445890","bugzilla_description":"ImageMagick: ImageMagick: Information disclosure and denial of service via heap over-read in MAT decoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28692.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L","cvss3_score":"4.8"},{"CVE":"CVE-2026-28691","severity":"important","public_date":"2026-03-09T21:40:42Z","advisories":["RHSA-2026:6713"],"bugzilla":"2445902","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service via uninitialized pointer dereference in JBIG decoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-824","affected_packages":["ImageMagick-0:6.9.10.68-15.el7_9"],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28691.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"7.5"},{"CVE":"CVE-2026-28690","severity":"moderate","public_date":"2026-03-09T21:39:53Z","advisories":[],"bugzilla":"2445887","bugzilla_description":"ImageMagick: stack-based buffer overflow in MNG encoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-121","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28690.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H","cvss3_score":"6.1"},{"CVE":"CVE-2026-28689","severity":"moderate","public_date":"2026-03-09T21:39:13Z","advisories":[],"bugzilla":"2445891","bugzilla_description":"ImageMagick: ImageMagick: Information disclosure and unauthorized modification via symlink TOCTOU vulnerability","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-367","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28689.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N","cvss3_score":"6.3"},{"CVE":"CVE-2026-28688","severity":"moderate","public_date":"2026-03-09T21:38:08Z","advisories":[],"bugzilla":"2445877","bugzilla_description":"ImageMagick: use-after-free in the MSL encoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-416","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28688.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2026-28687","severity":"moderate","public_date":"2026-03-09T21:37:24Z","advisories":[],"bugzilla":"2445897","bugzilla_description":"ImageMagick: ImageMagick: Heap use-after-free vulnerability allows denial of service via crafted MSL file","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-825","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28687.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-28686","severity":"moderate","public_date":"2026-03-09T21:33:15Z","advisories":[],"bugzilla":"2445889","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service via heap-buffer-overflow in PCL encode","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28686.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H","cvss3_score":"6.8"},{"CVE":"CVE-2026-28494","severity":"moderate","public_date":"2026-03-09T21:31:36Z","advisories":[],"bugzilla":"2445901","bugzilla_description":"ImageMagick: ImageMagick: Arbitrary code execution or denial of service via maliciously crafted kernel strings","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-120","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28494.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H","cvss3_score":"7.1"},{"CVE":"CVE-2026-28493","severity":"moderate","public_date":"2026-03-09T21:29:39Z","advisories":[],"bugzilla":"2445883","bugzilla_description":"ImageMagick: ImageMagick: Denial of Service and information disclosure via integer overflow in SIXEL decoder","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-190","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28493.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-31802","severity":"moderate","public_date":"2026-03-09T21:11:56Z","advisories":[],"bugzilla":"2445881","bugzilla_description":"tar: tar: File overwrite via drive-relative symlink traversal","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31802.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N","cvss3_score":"6.2"},{"CVE":"CVE-2026-25960","severity":"important","public_date":"2026-03-09T21:01:01Z","advisories":[],"bugzilla":"2445892","bugzilla_description":"vLLM: vLLM: Server-Side Request Forgery bypass via inconsistent URL parsing","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-474","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25960.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L","cvss3_score":"7.1"},{"CVE":"CVE-2026-0846","severity":"important","public_date":"2026-03-09T19:19:09Z","advisories":[],"bugzilla":"2445826","bugzilla_description":"nltk: NLTK: Arbitrary file read via improper path validation in `filestring()` function","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0846.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","cvss3_score":"7.5"},{"CVE":"CVE-2026-3836","severity":"moderate","public_date":"2026-03-09T12:34:00Z","advisories":[],"bugzilla":"2445770","bugzilla_description":"dnf5: dnf5: Denial of Service via path traversal in D-Bus locale configuration","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-22","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3836.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2025-69647","severity":"low","public_date":"2026-03-09T00:00:00Z","advisories":[],"bugzilla":"2445773","bugzilla_description":"binutils: infinite loop in readelf via crafted binary with malformed DWARF loclists data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69647.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2025-69648","severity":"low","public_date":"2026-03-09T00:00:00Z","advisories":[],"bugzilla":"2445774","bugzilla_description":"binutils: infinite loop in readelf via crafted binary with malformed DWARF .debug_rnglists data","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-835","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-69648.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","cvss3_score":"3.3"},{"CVE":"CVE-2024-14027","severity":"low","public_date":"2026-03-09T00:00:00Z","advisories":[],"bugzilla":"2445789","bugzilla_description":"kernel: xattr: switch to CLASS(fd)","cvss_score":null,"cvss_scoring_vector":null,"CWE":null,"affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-14027.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.5"},{"CVE":"CVE-2025-70034","severity":"moderate","public_date":"2026-03-09T00:00:00Z","advisories":[],"bugzilla":"2445801","bugzilla_description":"ssh2: ssh2: Denial of Service due to inefficient regular expression complexity","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-70034.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","cvss3_score":"6.5"},{"CVE":"CVE-2026-3731","severity":"moderate","public_date":"2026-03-08T10:32:19Z","advisories":[],"bugzilla":"2445579","bugzilla_description":"libssh: libssh: Denial of Service via out-of-bounds read in SFTP extension name handler","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-125","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3731.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-3713","severity":"moderate","public_date":"2026-03-08T06:02:11Z","advisories":[],"bugzilla":"2445566","bugzilla_description":"libpng: libpng: Heap-based buffer overflow in pnm2png allows information disclosure and denial of service","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-131","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3713.json","cvss3_scoring_vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","cvss3_score":"5.3"},{"CVE":"CVE-2026-29076","severity":"moderate","public_date":"2026-03-07T16:08:56Z","advisories":[],"bugzilla":"2445491","bugzilla_description":"cpp-httplib: cpp-httplib: Denial of Service via crafted HTTP POST request","cvss_score":null,"cvss_scoring_vector":null,"CWE":"CWE-1333","affected_packages":[],"package_state":null,"resource_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29076.json","cvss3_scoring_vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","cvss3_score":"5.9"}]